CVE-2025-13219

MEDIUM

IBM Aspera Orchestrator 3.0.0-4.1.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.

References (1)

Core 1
Core References
Various Sources vendor-advisory patch
https://www.ibm.com/support/pages/node/7263083

Scores

CVSS v3 5.9
EPSS 0.0033
EPSS Percentile 24.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-598
Status published
Products (1)
ibm/aspera_orchestrator 3.0.0 - 4.1.3
Published Mar 10, 2026
Tracked Since Mar 11, 2026