Aspera Orchestrator 4.0.1 Vulnerability Could Enable Remote Username Enumeration

CVE-2023-27283
5.3MEDIUM

Key Information

Vendor
IBM
Status
Aspera Orchestrator
Vendor
Published:
4 May 2024

Summary

IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545.

Affected Version(s)

Aspera Orchestrator = 4.0.1

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
LOW
Integrity:
NONE
Availability:
NONE
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database
.