IBM Aspera Console 3.4.0 up to and including 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the malicious user to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079.