Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IBM Aspera Orchestrator session fixation
Vulnerability Description
IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 248477.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
IBM Aspera Orchestrator 代码问题漏洞
Vulnerability Description
IBM Aspera Orchestrator是美国国际商业机器(IBM)公司的一个基于 Web 的应用程序。可为数据驱动型企业提供高效的文件处理管道。 IBM Aspera Orchestrator 4.0.1版本存在代码问题漏洞,该漏洞源于在更改密码后不会使会话无效。攻击者利用该漏洞在系统上冒充另一个用户。
CVSS Information
N/A
Vulnerability Type
N/A