Primary

Context

IBM Aspera Shares Cryptographic Vulnerability Allowing Decryption of Sensitive Information

Vulnerability

Patched

A vulnerability exists in IBM Aspera Shares versions 1.9.9 prior to 1.11.0, where weaker than expected cryptographic algorithms could enable an attacker to decrypt highly sensitive information. This issue is categorized under CWE-327: Use of a Broken or Risky Cryptographic Algorithm.

Impact

Exploitation of this vulnerability could lead to unauthorized decryption of sensitive information, potentially exposing confidential data to attackers.

Remediation

Users can upgrade to IBM Aspera Shares version 1.11.1 to address this vulnerability. Instructions for downloading this version are available on the IBM Support Fix Central website.

Added: Apr 1, 2026, 10:06 PM

Updated: Apr 1, 2026, 10:06 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

7.6

remediation

7.7

relevance

5.1

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

7.6

remediation

7.7

relevance

5.1

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM Aspera Shares Cryptographic Vulnerability Allowing Decryption of Sensitive Information

Vulnerability

Impact

Remediation

Affected Products

IBM Aspera Shares

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating