CVE-2020-4435

Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
ibmCNA
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.0/I:H/AC:H/UI:N/A:H/AV:N/C:H/S:U/PR:L/RL:O/E:U/RC:C
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
ibmaspera_application_platform_on_demand
𝑥
≤ 3.7.4
ibmaspera_faspex_on_demand
𝑥
≤ 3.7.4
ibmaspera_high-speed_transfer_endpoint
𝑥
≤ 3.9.3
ibmaspera_high-speed_transfer_server
𝑥
≤ 3.9.3
ibmaspera_high-speed_transfer_server_for_cloud_pak_for_integration
𝑥
≤ 3.9.10
ibmaspera_proxy_server
𝑥
≤ 1.4.3
ibmaspera_server_on_demand
𝑥
≤ 3.7.4
ibmaspera_shares_on_demand
𝑥
≤ 3.7.4
ibmaspera_streaming
𝑥
≤ 3.9.3
ibmaspera_transfer_cluster_manager
𝑥
≤ 1.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/180901
https://www.ibm.com/support/pages/node/6221324
https://exchange.xforce.ibmcloud.com/vulnerabilities/180901
https://www.ibm.com/support/pages/node/6221324