cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-26288,https://securityvulnerability.io/vulnerability/CVE-2023-26288,IBM Aspera Orchestrator 4.0.1 Password Change Vulnerability,"IBM Aspera Orchestrator version 4.0.1 contains a security vulnerability related to its session management mechanism. Following a password change, the application does not invalidate user sessions, which could allow an authenticated user to impersonate another user on the system. This flaw creates potential for unauthorized access and may lead to sensitive information being exposed or abused. Users of this software should be aware of the implications of this oversight and take necessary precautions to mitigate potential risks.",IBM,Aspera Orchestrator,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-30T17:01:00.430Z,0
CVE-2023-38001,https://securityvulnerability.io/vulnerability/CVE-2023-38001,Cross-Site Request Forgery Vulnerability in IBM Aspera Orchestrator 4.0.1,"IBM Aspera Orchestrator version 4.0.1 is exposed to a cross-site request forgery vulnerability that permits an attacker to execute unauthorized commands by exploiting the trust a website has for its users. This flaw enables malevolent actors to perform actions on behalf of authenticated users, compromising the integrity and security of operations facilitated by the affected product. Users and administrators should review the advisory and implement recommended patches and best practices to mitigate the threat associated with this vulnerability.",IBM,Aspera Orchestrator,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-30T16:54:07.076Z,0
CVE-2023-26289,https://securityvulnerability.io/vulnerability/CVE-2023-26289,Aspera Orchestrator Vulnerable to HTTP Header Injection,"IBM Aspera Orchestrator 4.0.1 contains a vulnerability due to insufficient validation of input in HOST headers, which may allow an attacker to exploit this weakness through various attacks. Potential threats include cross-site scripting, cache poisoning, and session hijacking, which could compromise the integrity and confidentiality of user data within the affected systems. Organizations utilizing this product should assess their exposure and implement necessary mitigations promptly to protect against these threats.",IBM,Aspera Orchestrator,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-30T16:50:29.871Z,0
CVE-2023-27283,https://securityvulnerability.io/vulnerability/CVE-2023-27283,Aspera Orchestrator 4.0.1 Vulnerability Could Enable Remote Username Enumeration,"The vulnerability in IBM Aspera Orchestrator version 4.0.1 enables remote attackers to enumerate usernames by exploiting observable discrepancies in application responses. When attackers send specific requests, the differences in response times or content can be leveraged to infer valid usernames, leading to further security risks. Organizations using this version should assess their exposure and take appropriate measures to mitigate the potential exploitation of this vulnerability.",IBM,Aspera Orchestrator,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-04T13:16:14.314Z,0
CVE-2023-37407,https://securityvulnerability.io/vulnerability/CVE-2023-37407,Aspera Orchestrator 4.0.1 Vulnerability Allows Remote Execution of Arbitrary Commands,"IBM Aspera Orchestrator version 4.0.1 is susceptible to a vulnerability that enables remote authenticated attackers to send specially crafted requests, which could lead to the execution of arbitrary commands on the affected system. This exploitation potential presents significant risks for the integrity and confidentiality of the system and its data. Organizations utilizing this version of Aspera Orchestrator should prioritize applying available patches and implement monitoring procedures to safeguard against potential attacks.",IBM,Aspera Orchestrator,8.8,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-05-03T16:15:00.000Z,0