IBM Aspera Orchestrator 4.0.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 260116.
References
| Link | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/260116 | Vendor Advisory |
| https://www.ibm.com/support/pages/node/7150117 | Vendor Advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/260116 | Vendor Advisory |
| https://www.ibm.com/support/pages/node/7150117 | Vendor Advisory |
Configurations
History
07 Jan 2025, 21:06
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Ibm aspera Orchestrator
Ibm |
|
| CPE | cpe:2.3:a:ibm:aspera_orchestrator:4.0.1:*:*:*:*:*:*:* | |
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/260116 - Vendor Advisory | |
| References | () https://www.ibm.com/support/pages/node/7150117 - Vendor Advisory |
21 Nov 2024, 08:11
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
|
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/260116 - | |
| References | () https://www.ibm.com/support/pages/node/7150117 - |
03 May 2024, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-05-03 16:15
Updated : 2025-01-07 21:06
NVD link : CVE-2023-37407
Mitre link : CVE-2023-37407
CVE.ORG link : CVE-2023-37407
JSON object : View
Products Affected
ibm
- aspera_orchestrator
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')