CVE-2020-4433

Summary

Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force ID: 180814.

Affected Software

VendorProductVersion RangeStatus
IBMAspera Faspex On Demand3.7.4affected
IBMAspera Server On Demand3.7.4affected
IBMAspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)3.9.10affected
IBMAspera High-Speed Transfer Endpoint3.9.3affected
IBMAspera Streaming3.9.3affected
IBMAspera Transfer Cluster Manager1.3.1affected
IBMAspera High-Speed Transfer Server3.9.3affected
IBMAspera Shares On Demand3.7.4affected
IBMAspera Application Platform On Demand3.7.4affected
IBMAspera Proxy Server1.4.3affected

Weaknesses

  • Gain Privileges

ADP Enrichment

CVE Program Container

Additional References

References