First published: Mon Jun 08 2020(Updated: )
Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Aspera High-Speed Transfer Server | <=3.9.3 and earlier | |
IBM Aspera High-Speed Transfer Endpoint | <=3.9.3 and earlier | |
IBM Aspera Proxy Server | <=1.4.3 and earlier | |
IBM Aspera Transfer Cluster Manager | <=1.3.1 with Aspera High-Speed Transfer Server 3.9.3 and earlier | |
IBM Aspera Application Platform On Demand | <=3.7.4 and earlier | |
IBM Aspera Faspex On Demand | <=3.7.4 and earlier | |
IBM Aspera Server On Demand | <=3.7.4 and earlier | |
IBM Aspera Shares On Demand | <=3.7.4 and earlier | |
IBM Aspera Streaming | <=3.9.3 and earlier | |
IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) | <=3.9.10 and earlier | |
IBM Aspera Application Platform On Demand | <=3.7.4 | |
IBM Aspera Faspex On Demand | <=3.7.4 | |
IBM Aspera High-Speed Transfer Endpoint | <=3.9.3 | |
IBM Aspera High-Speed Transfer Server | <=3.9.3 | |
Ibm Aspera High-speed Transfer Server For Cloud Pak For Integration | <=3.9.10 | |
IBM Aspera Proxy Server | <=1.4.3 | |
IBM Aspera Server On Demand | <=3.7.4 | |
IBM Aspera Shares On Demand | <=3.7.4 | |
IBM Aspera Streaming | <=3.9.3 | |
IBM Aspera Transfer Cluster Manager | <=1.3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.