HIGH🇬🇧 English

CVE-2020-4435

CVSS 7.5v3.1pub. 2020-06-10upd. 2024-11-21

Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • IBM Aspera Application Platform On Demand

    APP
    Ibm
    ≤ 3.7.4
  • IBM Aspera Faspex On Demand

    APP
    Ibm
    ≤ 3.7.4
  • IBM Aspera High Speed Transfer Endpoint

    APP
    Ibm
    ≤ 3.9.3
  • IBM Aspera High Speed Transfer Server

    APP
    Ibm
    ≤ 3.9.3
  • IBM Aspera High Speed Transfer Server For Cloud Pak For Integration

    APP
    Ibm
    ≤ 3.9.10
  • IBM Aspera Proxy Server

    APP
    Ibm
    ≤ 1.4.3
  • IBM Aspera Server On Demand

    APP
    Ibm
    ≤ 3.7.4
  • IBM Aspera Shares On Demand

    APP
    Ibm
    ≤ 3.7.4
  • IBM Aspera Streaming

    APP
    Ibm
    ≤ 3.9.3
  • IBM Aspera Transfer Cluster Manager

    APP
    Ibm
    ≤ 1.3.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2026-7876CRITICAL9.1PL ✓ten sam produkt

Authentication bypass w IBM Aspera HSTS for CP4I umożliwia nieautoryzowany dostęp do plików

CVE-2026-8175CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w IBM Aspera High-Speed Transfer umożliwiający RCE i Auth Bypass

CVE-2026-8180HIGH7.5ten sam produkt

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Serv...

CVE-2026-8179HIGH8.8ten sam produkt

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Serv...

CVE-2020-4432HIGH7.5ten sam produkt

Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could al...