
IBM Aspera Orchestrator allows attackers to hijack sessions

CVE-2025-13213
Summary

IBM Aspera Orchestrator versions 3.0.0 to 4.1.2 have a security flaw that allows hackers to take control of user sessions. This means they could access sensitive data or impersonate legitimate users. To fix this, apply the latest updates or patches from IBM.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
ibm | aspera_orchestrator | > 3.0.0, <= 4.1.3 |
Original title
IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attac...
Original description
IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
NVD CVSS 3.1: 5.4
Vulnerability type
CWE-644
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026