Vulnerabilities > IBM > Aspera Orchestrator > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-30 | CVE-2023-26288 | Unspecified vulnerability in IBM Aspera Orchestrator 4.0.1 IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. | 5.5 |
| 2024-07-30 | CVE-2023-26289 | Improper Encoding or Escaping of Output vulnerability in IBM Aspera Orchestrator 4.0.1 IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 5.4 |
| 2024-07-30 | CVE-2023-38001 | Unspecified vulnerability in IBM Aspera Orchestrator 4.0.1 IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |