July 2, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
“Stealc” – An Information Stealer Malware – Active IOCs
May 6, 2024
Israel Constructs ‘Cyber Dome’ to Defend Against Iranian Threat Actors
May 6, 2024
“Stealc” – An Information Stealer Malware – Active IOCs
May 6, 2024
Israel Constructs ‘Cyber Dome’ to Defend Against Iranian Threat Actors
May 6, 2024
Severity
Medium
Analysis Summary
CVE-2023-27283 CVSS:6.4
IBM Aspera Orchestrator 4.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2023-27281 CVSS:5.3
IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies.
CVE-2023-27280 CVSS:5.9
IBM Aspera Orchestrator 4.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information.
CVE-2023-37407 CVSS:8.8
IBM Aspera Orchestrator 4.0.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
Impact
- Information Disclosure
- Cross-Site Scripting
- Gain Access
Indicators of Compromise
CVE
- CVE-2023-27283
- CVE-2023-27281
- CVE-2023-27280
- CVE-2023-37407
Affected Vendors
IBM
Affected Products
- IBM Aspera Orchestrator 4.0.1
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.