CVE-2025-13148
published 2025-12-11CVE-2025-13148: IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the password of another user without prior knowledge of that…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the password of another user without prior knowledge of that password.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | aspera_orchestrator | >= 4.0.0 < 4.1.1 | 4.1.1 |
| ibm | aspera_orchestrator | 4.0.0 – 4.1.0 | — |