Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HIBM Aspera Application Platform On Demand
APPIbm≤ 3.7.4IBM Aspera Faspex On Demand
APPIbm≤ 3.7.4IBM Aspera High Speed Transfer Endpoint
APPIbm≤ 3.9.3IBM Aspera High Speed Transfer Server
APPIbm≤ 3.9.3IBM Aspera High Speed Transfer Server For Cloud Pak For Integration
APPIbm≤ 3.9.10IBM Aspera Proxy Server
APPIbm≤ 1.4.3IBM Aspera Server On Demand
APPIbm≤ 3.7.4IBM Aspera Shares On Demand
APPIbm≤ 3.7.4IBM Aspera Streaming
APPIbm≤ 3.9.3IBM Aspera Transfer Cluster Manager
APPIbm≤ 1.3.1
Related vulnerabilities
Authentication bypass w IBM Aspera HSTS for CP4I umożliwia nieautoryzowany dostęp do plików
Buffer overflow w IBM Aspera High-Speed Transfer umożliwiający RCE i Auth Bypass
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Serv...
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Serv...
Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could al...