CVE-2022-43841 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
ibm	CNA	4 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 11%

Affected Products (NVD)

Vendor	Product	Version
ibm	aspera_console	3.4.0 ≤ 𝑥 ≤ 3.4.2
ibm	aspera_console	3.4.2:patch_level_1
ibm	aspera_console	3.4.2:patch_level_2
ibm	aspera_console	3.4.2:patch_level_3
ibm	aspera_console	3.4.2:patch_level_4
ibm	aspera_console	3.4.2:patch_level_5
ibm	aspera_console	3.4.2:patch_level_6
ibm	aspera_console	3.4.2:patch_level_7
ibm	aspera_console	3.4.2:patch_level_8
ibm	aspera_console	3.4.2:patch_level_9

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-525 - Use of Web Browser Cache Containing Sensitive Information
The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/239078

https://www.ibm.com/support/pages/node/7155202

https://exchange.xforce.ibmcloud.com/vulnerabilities/239078

https://www.ibm.com/support/pages/node/7155202