CNNVD-202512-2111 Information

Dec 11, 2025 cve

CNNVD ID

CNNVD-202512-2111

CVE-2025-13214

  • CNNVD Published: 2025-12-11

Description (Chinese)

IBM Aspera Orchestrator是美国国际商业机器(IBM)公司的一个基于 Web 的应用程序。可为数据驱动型企业提供高效的文件处理管道。 IBM Aspera Orchestrator 4.0.0版本至4.1.0版本存在SQL注入漏洞,该漏洞源于SQL语句处理不当,可能导致SQL注入攻击。

Description (English)

IBM Aspera Orchestra is a Web-based application of IBM. Efficient document-processing conduits can be provided for data-driven enterprises. IBM Aspera Orchestra 4.0.0 to 4.1.0 has an injection loophole in SQL, which stems from the inappropriate handling of SQL statements, which could lead to SQL injection attacks.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

国际商业机器

Published

2025-12-11

Last Modified

2026-02-24

References

https://www.ibm.com/support/pages/node/7254434

Patch

https://www.ibm.com/support/pages/node/7254434

Share on: