7.5

CVE-2025-13219

Multiple vulnerabilities in IBM Aspera Orchestrator

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmAspera Orchestrator Version >= 3.0.0 < 4.1.3
   LinuxLinux Kernel Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.33% 0.25
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
psirt@us.ibm.com 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-598 Use of HTTP Request With Sensitive Query String

The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.

https://www.ibm.com/support/pages/node/7263083
Vendor Advisory