CVE-2022-43851 – IBM Aspera Console versions 3.4.0 through 3.4.4... (How to Fix)

Q: What is the severity of CVE-2022-43851?

CVE-2022-43851 has a CVSS score of 5.9 (MEDIUM). IBM Aspera Console versions 3.4.0 through 3.4.4 use weak cryptographic algorithms that could allow attackers to decrypt sensitive data. This affects organizations using these specific versions of IBM's file transfer acceleration software.

📋 TL;DR

IBM Aspera Console versions 3.4.0 through 3.4.4 use weak cryptographic algorithms that could allow attackers to decrypt sensitive data. This affects organizations using these specific versions of IBM's file transfer acceleration software.

💻 Affected Systems

Products:

IBM Aspera Console

Versions: 3.4.0 through 3.4.4

Operating Systems: All supported platforms

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects IBM Aspera Console, not other Aspera products. Vulnerability exists in default configuration.

📦 What is this software?

Aspera Console by Ibm

View all CVEs affecting Aspera Console →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers decrypt highly sensitive information like credentials, encryption keys, or proprietary data transferred through Aspera Console.

🟠

Likely Case

Unauthorized access to sensitive business data or intellectual property transferred via the platform.

🟢

If Mitigated

Limited data exposure if strong network segmentation and access controls are in place.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires cryptographic analysis capabilities and access to encrypted data.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.5 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7169766

Restart Required: Yes

Instructions:

1. Download IBM Aspera Console 3.4.5 or later from IBM Fix Central. 2. Backup current configuration. 3. Install the updated version following IBM's installation guide. 4. Restart the Aspera Console service.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to Aspera Console to trusted IPs only

Data Encryption Enhancement

all

Use additional encryption layers for sensitive data transfers

🧯 If You Can't Patch

Isolate Aspera Console to internal network segments only
Implement additional encryption for all sensitive data transfers

🔍 How to Verify

Check if Vulnerable:

Check Aspera Console version in web interface or via 'asperaconsole --version' command

Check Version:

asperaconsole --version

Verify Fix Applied:

Verify version is 3.4.5 or later and review cryptographic configuration

📡 Detection & Monitoring

Log Indicators:

Unusual decryption attempts
Multiple failed cryptographic operations

Network Indicators:

Unexpected traffic patterns to Aspera Console
Unusual data extraction patterns

SIEM Query:

source="aspera_console" AND (event_type="crypto_error" OR event_type="decryption_failure")

📊 Metadata

CVE ID: CVE-2022-43851

CVSS v3 Score: 5.9 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-327

EPSS Score: 0.15% exploit probability (35.1th percentile)

Published: April 14, 2025

Last Updated: July 17, 2025

🔗 References

https://www.ibm.com/support/pages/node/7169766 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-43851, you might also want to check these: