Lucene search

IbmCVE-2023-27283

HistoryMay 04, 2024 - 2:16 p.m.

CVE-2023-27283

2024-05-0414:16:01

CWE-204

ibm

web.nvd.nist.gov

ibm

aspera orchestrator

vulnerability

user enumeration

remote attacker

observable response discrepancies

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

Percentile

9.0%

JSON

IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545.

Affected configurations

Vulners

Vulnrichment

Node

ibmaspera_orchestratorMatch4.0.1

VendorProductVersionCPE
ibmaspera_orchestrator4.0.1cpe:2.3:a:ibm:aspera_orchestrator:4.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	aspera_orchestrator	4.0.1	cpe:2.3:a:ibm:aspera_orchestrator:4.0.1:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Aspera Orchestrator",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.1"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/248545

www.ibm.com/support/pages/node/7150191

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-27283