PT-2024-12126 · IBM · IBM Aspera Orchestrator
Published: 2024-05-04 · Updated: 2025-01-07 · CVE-2023-27283
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Aspera Orchestrator version 4.0.1
Description
The issue allows a remote attacker to enumerate usernames due to observable response discrepancies.
Recommendations
For IBM Aspera Orchestrator version 4.0.1, upgrade the affected component to mitigate the risk. Investigate the potential impact and monitor for exploitation attempts. As a temporary workaround, consider restricting access to sensitive areas of the application until the issue is resolved.
Fix
Side Channel Attack
Related Identifiers
Affected Products
IBM Aspera Orchestrator