Lucene search

IbmCVELIST:CVE-2023-27283

HistoryMay 04, 2024 - 1:16 p.m.

CVE-2023-27283 IBM Aspera Orchestrator information disclosure

2024-05-0413:16:14

CWE-204

ibm

www.cve.org

ibm

aspera orchestrator

information disclosure

remote attacker

usernames

observable response discrepancies

ibm x-force id

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

Percentile

9.0%

JSON

IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Aspera Orchestrator",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.1"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/248545

www.ibm.com/support/pages/node/7150191

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-27283