Vulnerabilities > IBM > Aspera Orchestrator

DATE CVE VULNERABILITY TITLE RISK
2024-07-30 CVE-2023-26288 Unspecified vulnerability in IBM Aspera Orchestrator 4.0.1
IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm
5.5
2024-07-30 CVE-2023-26289 Improper Encoding or Escaping of Output vulnerability in IBM Aspera Orchestrator 4.0.1
IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-116
5.4
2024-07-30 CVE-2023-38001 Unspecified vulnerability in IBM Aspera Orchestrator 4.0.1
IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm
6.5
2024-05-04 CVE-2023-27283 Information Exposure Through Discrepancy vulnerability in IBM Aspera Orchestrator 4.0.1
IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies.
network
low complexity
ibm CWE-203
5.3
2024-05-03 CVE-2023-37407 Unspecified vulnerability in IBM Aspera Orchestrator 4.0.1
IBM Aspera Orchestrator 4.0.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm
8.8