CVE-2020-4434

Summary

Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900.

Affected Software

VendorProductVersion RangeStatus
IBMAspera Shares On Demand3.7.4affected
IBMAspera Application Platform On Demand3.7.4affected
IBMAspera Transfer Cluster Manager1.3.1affected
IBMAspera High-Speed Transfer Server3.9.3affected
IBMAspera Proxy Server1.4.3affected
IBMAspera Faspex On Demand3.7.4affected
IBMAspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)3.9.10affected
IBMAspera High-Speed Transfer Endpoint3.9.3affected
IBMAspera Streaming3.9.3affected
IBMAspera Server On Demand3.7.4affected

Weaknesses

  • Gain Privileges

ADP Enrichment

CVE Program Container

Additional References

References