IBM Aspera Orchestrator
11 CVEs affecting IBM Aspera Orchestrator. Latest disclosed: 2026-03-10. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-13481 | High | 8.8 | 2025-12-11 | IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to impro… |
| CVE-2023-37407 | High | 8.8 | 2024-05-03 | IBM Aspera Orchestrator 4.0.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request… |
| CVE-2025-13148 | High | 8.1 | 2025-12-11 | IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to change the password of another user without prior knowledge of that pass… |
| CVE-2025-13214 | High | 7.6 | 2025-12-11 | IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow th… |
| CVE-2023-38001 | Medium | 6.5 | 2024-07-30 | IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitt… |
| CVE-2025-13219 | Medium | 5.9 | 2026-03-10 | IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties hav… |
| CVE-2023-26288 | Medium | 5.5 | 2024-07-30 | IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the sy… |
| CVE-2025-13213 | Medium | 5.4 | 2026-03-10 | IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allo… |
| CVE-2023-26289 | Medium | 5.4 | 2024-07-30 | IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker… |
| CVE-2025-13211 | Medium | 5.3 | 2025-12-11 | IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to cause a denial of service in the email service due to improper control of inte… |
| CVE-2023-27283 | Medium | 5.3 | 2024-05-04 | IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545. |