CVE-2020-4434

EUVD-2020-25681
Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900.
Classic Buffer Overflow
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | NETWORK | HIGH | LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| ibm | CNA | 7.5 HIGH | NETWORK | HIGH | LOW | CVSS:3.0/AC:H/I:H/UI:N/A:H/AV:N/C:H/S:U/PR:L/RL:O/E:U/RC:C |
EPSS Score percentile: 76%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| ibm | aspera_application_platform_on_demand | 𝑥 ≤ 3.7.4 |
| ibm | aspera_faspex_on_demand | 𝑥 ≤ 3.7.4 |
| ibm | aspera_high-speed_transfer_endpoint | 𝑥 ≤ 3.9.3 |
| ibm | aspera_high-speed_transfer_server | 𝑥 ≤ 3.9.3 |
| ibm | aspera_high-speed_transfer_server_for_cloud_pak_for_integration | 𝑥 ≤ 3.9.10 |
| ibm | aspera_proxy_server | 𝑥 ≤ 1.4.3 |
| ibm | aspera_server_on_demand | 𝑥 ≤ 3.7.4 |
| ibm | aspera_shares_on_demand | 𝑥 ≤ 3.7.4 |
| ibm | aspera_streaming | 𝑥 ≤ 3.9.3 |
| ibm | aspera_transfer_cluster_manager | 𝑥 ≤ 1.3.1 |

𝑥 = Vulnerable software versions