Aspera Orchestrator Denial of Service

MEDIUM (5.3) No Patch (3 days)

Threat Intelligence

Low Risk
EPSS Score: 0.04% chance of exploitation (percentile: 11%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

IBM Aspera Orchestrator is a cloud-based email service used by some organizations for secure file transfer and collaboration. This vulnerability allows an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency, potentially leading to service disruptions or data loss.

Am I affected?

Affected versions: 4.1.0

If you don't recognise this software, you're probably not affected.

Affected Products

IBM / Aspera Orchestrator

How to fix

  1. Upgrade to Aspera Orchestrator 4.2.0 or later from the IBM Support website: https://www.ibm.com/support/pages/node/7254434#fix.
  2. Immediate mitigations:
     - Restrict network access to your Aspera Orchestrator instance (firewall it from the public internet).
     - Monitor for suspicious activity and potential denial-of-service attacks.