Ibm Aspera Orchestrator — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Aspera Orchestrator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2023-37407 — CVSS 8.8 (high): IBM Aspera Orchestrator 4.0.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a…
CVE-2025-13481 — CVSS 8.8 (high): IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the…
CVE-2025-13148 — CVSS 8.1 (high): IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the password of another user without prior…
CVE-2025-13214 — CVSS 7.6 (high): IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements…
CVE-2023-38001 — CVSS 6.5 (medium): IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and…
CVE-2025-13219 — CVSS 5.9 (medium): IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if…
CVE-2023-26288 — CVSS 5.5 (medium): IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate…
CVE-2023-26289 — CVSS 5.4 (medium): IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This…
CVE-2025-13213 — CVSS 5.4 (medium): IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST…
CVE-2025-13211 — CVSS 5.3 (medium): IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to cause a denial of service in the email service due to…
CVE-2023-27283 — CVSS 5.3 (medium): IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force…