CNNVD-202512-2110 Information

CNNVD ID

CNNVD-202512-2110

Related CVE

CVE-2025-13481

• CNNVD Published: 2025-12-11

Description (Chinese)

IBM Aspera Orchestrator是美国国际商业机器（IBM）公司的一个基于 Web 的应用程序。可为数据驱动型企业提供高效的文件处理管道。 IBM Aspera Orchestrator 4.0.0版本至4.1.0版本存在操作系统命令注入漏洞，该漏洞源于用户输入验证不足，可能导致执行任意代码。

Description (English)

IBM Aspera Orchestra is a Web-based application of IBM. Efficient document-processing conduits can be provided for data-driven enterprises. The IBM Aspera Orchestra from Versions 4.0.0 to 4.1.0 contains a loophole in the operating system command, which arises from insufficient user input validation, which may lead to the enforcement of any code.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

国际商业机器

Published

2025-12-11

Last Modified

2026-02-24

References

https://www.ibm.com/support/pages/node/7254434

Patch

https://www.ibm.com/support/pages/node/7254434