IBM Aspera Orchestrator 4.0.1 Password Change Vulnerability

CVE-2023-26288

5.5MEDIUM

Key Information

Vendor: IBM
Status: Aspera Orchestrator
Vendor: CVE Published:; 30 July 2024

Summary

IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 248477.

Affected Version(s)

Aspera Orchestrator = 4.0.1

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 30, 2024
Vulnerability Reserved.
Feb 21, 2023

Collectors

NVD DatabaseMitre Database