CVE-2020-4435

Summary

Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901.

Affected Software

VendorProductVersion RangeStatus
IBMAspera Transfer Cluster Manager1.3.1affected
IBMAspera High-Speed Transfer Server3.9.3affected
IBMAspera Shares On Demand3.7.4affected
IBMAspera Application Platform On Demand3.7.4affected
IBMAspera Proxy Server1.4.3affected
IBMAspera Faspex On Demand3.7.4affected
IBMAspera Server On Demand3.7.4affected
IBMAspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)3.9.10affected
IBMAspera Streaming3.9.3affected
IBMAspera High-Speed Transfer Endpoint3.9.3affected

Weaknesses

  • Gain Privileges

ADP Enrichment

CVE Program Container

Additional References

References