CVE-2024-56473
EUVD-2024-5317105.02.2025, 23:15
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| ibm | aspera_shares | 1.9.0 ≤ 𝑥 < 1.10.0 |
| ibm | aspera_shares | 1.10.0 |
| ibm | aspera_shares | 1.10.0:patch_level1 |
| ibm | aspera_shares | 1.10.0:patch_level2 |
| ibm | aspera_shares | 1.10.0:patch_level3 |
| ibm | aspera_shares | 1.10.0:patch_level4 |
| ibm | aspera_shares | 1.10.0:patch_level5 |
| ibm | aspera_shares | 1.10.0:patch_level6 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-117 - Improper Output Neutralization for LogsThe software does not neutralize or incorrectly neutralizes output that is written to logs.
- CWE-116 - Improper Encoding or Escaping of OutputThe software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.