IBM Aspera Shares CVE-2023-38018 Session Management Vulnerability Advisory

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - CVE-ID: CVE-2023-38018 - Description: IBM Aspera Shares does not invalidate sessions after a password change, which could allow an authenticated user to impersonate another user. 2. Vulnerability Details: - CVSS Base Score: 6.3 - CVSS Temporal Score: 6.3 - CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) 3. Affected Products and Versions: - IBM Aspera Shares 1.10.0 PL3 - IBM Aspera Shares 1.10.0 PL3 4. Remediation Recommendation: - Apply the fix patch as soon as possible. 5. Workarounds and Mitigations: - None. 6. Notify on Future Security Advisories: - Subscribe to My Notifications to receive important product support alerts. 7. Related Links: - Complete CVSS v3 Guide - Online Calculator v3 - IBM Secure Engineering Web Portal - IBM Product Security Incident Response Blog 8. Disclaimer: - IBM provides CVSS scores "as is" without any express or implied warranties, including but not limited to merchantability or fitness for a particular purpose. - Customers are responsible for evaluating the impact of any actual or potential security vulnerabilities. - IBM periodically updates component records in product/service inventories and addresses related vulnerabilities when previously unidentified packages are identified, regardless of CVE date. 9. Affected Products and Versions: - IBM Aspera - IBM Aspera Enterprise - IBM Aspera Enterprise On Demand - IBM Aspera Shares - IBM Aspera on Demand This information provides a detailed description of the vulnerability, its scope of impact, remediation recommendations, and related resources.

Goal Reached Thanks to every supporter — we hit 100%!

IBM Aspera Shares CVE-2023-38018 Session Management Vulnerability Advisory