CVE-2025-13219
published 2026-03-10CVE-2025-13219: IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | aspera_orchestrator | >= 3.0.0 < 4.1.3 | 4.1.3 |
| ibm | aspera_orchestrator | 3.0.0 – 4.1.2 | — |