Vulnerability CVE-2020-4435
Published: 2020-06-10

Description:
Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901.

Type:

CWE-119

 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6/10
6.4/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
IBM -> Aspera application platform on demand 
IBM -> Aspera faspex on demand 
IBM -> Aspera high-speed transfer endpoint 
IBM -> Aspera high-speed transfer server 
IBM -> Aspera high-speed transfer server for cloud pak for integration 
IBM -> Aspera proxy server 
IBM -> Aspera server on demand 
IBM -> Aspera shares on demand 
IBM -> Aspera streaming 
IBM -> Aspera transfer cluster manager 

 References:
https://exchange.xforce.ibmcloud.com/vulnerabilities/180901
https://www.ibm.com/support/pages/node/6221324
Copyright 2024, cxsecurity.com

 

Back to Top