Vulnerability CVE-2020-4433
Published: 2020-06-10

Description:
Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force ID: 180814.

Type:

CWE-787

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
IBM -> Aspera application platform on demand 
IBM -> Aspera faspex on demand 
IBM -> Aspera high-speed transfer endpoint 
IBM -> Aspera high-speed transfer server 
IBM -> Aspera high-speed transfer server for cloud pak for integration 
IBM -> Aspera proxy server 
IBM -> Aspera server on demand 
IBM -> Aspera shares on demand 
IBM -> Aspera streaming 
IBM -> Aspera transfer cluster manager 

 References:
https://exchange.xforce.ibmcloud.com/vulnerabilities/180814
https://www.ibm.com/support/pages/node/6221324
Copyright 2024, cxsecurity.com

 

Back to Top