IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Aspera_orchestrator | Ibm | 3.0.0 (including) | 4.1.3 (excluding) |