CVE-2023-37407

CWE-78OS Command Injection3 documents3 sources
Severity
8.8HIGH
EPSS
0.3%
top 48.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Aspera Orchestrator
Timeline
PublishedMay 3

Description

IBM Aspera Orchestrator 4.0.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 260116.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/aspera_orchestrator4.0.1

🔴Vulnerability Details

2
GHSA
GHSA-gc57-fjfv-rc79: IBM Aspera Orchestrator 42024-05-03
CVEList
IBM Aspera Orchestrator command execution2024-05-03
CVE-2023-37407 (HIGH CVSS 8.8) | IBM Aspera Orchestrator 4.0.1 could | cvebase.io