PT-2026-24405 · Ibm · Ibm Aspera Orchestrator
Published
2026-03-10
·
Updated
2026-03-10
·
CVE-2025-13219
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Aspera Orchestrator versions 3.0.0 through 4.1.2
Description
IBM Aspera Orchestrator versions 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This could result in information disclosure if unauthorized parties gain access to the URLs through server logs, referrer headers, or browser history.
Recommendations
Update to a version later than 4.1.2.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Aspera Orchestrator