CVE-2020-4434
Published: Jun 10, 2020
Modified: Sep 17, 2024
CVSS v3.0
7.5
Description
Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900.
| Vendor | Product | Versions |
|---|---|---|
IBM | Aspera Shares On Demand | affected 3.7.4 |
IBM | Aspera Application Platform On Demand | affected 3.7.4 |
IBM | Aspera Transfer Cluster Manager | affected 1.3.1 |
IBM | Aspera High-Speed Transfer Server | affected 3.9.3 |
IBM | Aspera Proxy Server | affected 1.4.3 |
IBM | Aspera Faspex On Demand | affected 3.7.4 |
IBM | Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) | affected 3.9.10 |
IBM | Aspera High-Speed Transfer Endpoint | affected 3.9.3 |
IBM | Aspera Streaming | affected 3.9.3 |
IBM | Aspera Server On Demand | affected 3.7.4 |
CVSS v3.0 Details
CVSS v3.0 Vector
CVSS:3.0/AC:H/I:H/UI:N/A:H/AV:N/C:H/S:U/PR:L/RL:O/E:U/RC:C
Attack Complexity
Integrity
User Interaction
Availability
Attack Vector
Confidentiality
Scope
Privileges Required
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now