CRITICAL🇵🇱 Wersja polska

CVE-2026-7876

CVSS 9.1pub. 2026-05-27upd. 2026-06-11

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server's local storage that they should not have access to, when specific restriction settings are not in place.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • IBM Aspera High Speed Transfer Server For Cloud Pak For Integration

    APP
    Ibm
    1.5.1 – 1.5.20 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2020-4432HIGH7.5ten sam produkt

Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could al...

CVE-2020-4433HIGH7.5ten sam produkt

Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds che...

CVE-2020-4434HIGH7.5ten sam produkt

Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid...

CVE-2020-4435HIGH7.5ten sam produkt

Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configurati...

CVE-2020-4436HIGH7.5ten sam produkt

Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allo...