Lucene search
IbmCVE-2023-26288HistoryJul 30, 2024 - 5:15 p.m.
CVE-2023-26288
2024-07-3017:15:11
CWE-613
ibm
web.nvd.nist.gov
54
ibm
aspera orchestrator
password change
CVSS3
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
AI Score
5.3
Confidence
High
EPSS
0
Percentile
13.7%
IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 248477.
Affected configurations
Node
ibmaspera_orchestratorMatch4.0.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | aspera_orchestrator | 4.0.1 | cpe:2.3:a:ibm:aspera_orchestrator:4.0.1:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Aspera Orchestrator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "4.0.1"
}
]
}
]Related
cvelist
cvelist
CVE-2023-26288 IBM Aspera Orchestrator session fixation
2024-07-30 17:01:00
vulnrichment
vulnrichment
CVE-2023-26288 IBM Aspera Orchestrator session fixation
2024-07-30 17:01:00
nvd
nvd
CVE-2023-26288
2024-07-30 17:15:11
CVSS3
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
AI Score
5.3
Confidence
High
EPSS
0
Percentile
13.7%
Related for CVE-2023-26288