Lucene search
+L

73 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.32 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shar

Question Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...

5.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/04 10:9 p.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Orchestrator

Summary Multiple vulnerabilities were addressed in IBM Aspera Orchestrator 4.1.5 Vulnerability Details CVEID:CVE-2026-41316 DESCRIPTION: ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBr...

8.1CVSS6.2AI score0.01131EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 9:24 p.m.13 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Orchestrator

Summary Multiple vulnerabilities were addressed in IBM Aspera Orchestrator 4.1.4 Vulnerability Details CVEID:CVE-2026-33173 DESCRIPTION: Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, DirectUploadsController...

9.8CVSS5.8AI score0.00838EPSS
Exploits0Affected Software5
OSV
OSV
added 2026/03/10 8:16 p.m.6 views

CVE-2025-13219

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...

7.5CVSS5.8AI score0.00334EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/10 8:15 p.m.4 views

CVE-2025-13213

IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacki...

5.4CVSS5.7AI score0.00165EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/10 8:15 p.m.2 views

CVE-2025-13213 Multiple vulnerabilities in IBM Aspera Orchestrator

IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacki...

5.4CVSS5.7AI score0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/10 8:15 p.m.31 views

CVE-2025-13213 Multiple vulnerabilities in IBM Aspera Orchestrator

IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacki...

5.4CVSS0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/10 8:8 p.m.30 views

CVE-2025-13219 Multiple vulnerabilities in IBM Aspera Orchestrator

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...

5.9CVSS0.00334EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/10 8:8 p.m.6 views

CVE-2025-13219

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...

5.9CVSS5.8AI score0.00334EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/10 3:29 p.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Orchestrator

Summary Multiple vulnerabilities were addressed in IBM Aspera Orchestrator 4.1.3 Vulnerability Details CVEID:CVE-2025-13213 DESCRIPTION: IBM Aspera Orchestrator is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to...

7.5CVSS5.8AI score0.00351EPSS
Exploits0Affected Software5
CNVD
CNVD
added 2025/12/18 12:0 a.m.2 views

IBM Aspera Orchestrator Unverified Password Change Vulnerability

IBM Aspera Orchestrator is an automated workflow engine focused on managing file transfers and processing tasks. An unauthenticated password change vulnerability exists in IBM Aspera Orchestrator, which can be exploited by an attacker to make unauthorized changes to other users' passwords...

8.1CVSS7AI score0.00242EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/18 12:0 a.m.4 views

IBM Aspera Orchestrator Denial of Service Vulnerability

IBM Aspera Orchestrator is an automated workflow engine focused on managing file transfers and processing tasks. A denial of service vulnerability exists in IBM Aspera Orchestrator that stems from improper interaction frequency control, which can be exploited by an attacker to cause a denial of...

6.5CVSS6.7AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/12 8:15 p.m.5 views

CVE-2025-13148

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the password of another user without prior knowledge of that password...

8.1CVSS6.7AI score0.00242EPSS
Exploits0References1
NVD
NVD
added 2025/12/11 8:15 p.m.8 views

CVE-2025-13214

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

8.8CVSS0.00318EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/11 7:49 p.m.28 views

CVE-2025-13214 IBM Aspera Orchestrator SQL Injection

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

7.6CVSS0.00318EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/11 7:49 p.m.4 views

CVE-2025-13214 IBM Aspera Orchestrator SQL Injection

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

7.6CVSS6.8AI score0.00318EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/11 7:48 p.m.29 views

CVE-2025-13148 IBM Aspera Orchestrator Unverified Password Change

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the password of another user without prior knowledge of that password...

8.1CVSS0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/11 7:48 p.m.4 views

EUVD-2025-202872

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the password of another user without prior knowledge of that password...

8.1CVSS6.1AI score0.00242EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/11 7:48 p.m.4 views

CVE-2025-13148 IBM Aspera Orchestrator Unverified Password Change

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the password of another user without prior knowledge of that password...

8.1CVSS6.2AI score0.00242EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/11 7:47 p.m.5 views

CVE-2025-13481 IBM Aspera Orchestrator Command Injection

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input...

8.8CVSS6.9AI score0.00419EPSS
Exploits0References1
Rows per page
Query Builder