CVE-2020-4435
First published: Mon Jun 08 2020(Updated: )
Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Aspera High-Speed Transfer Server | <=3.9.3 and earlier | |
| IBM Aspera High-Speed Transfer Endpoint | <=3.9.3 and earlier | |
| IBM Aspera Proxy Server | <=1.4.3 and earlier | |
| IBM Aspera Transfer Cluster Manager | <=1.3.1 with Aspera High-Speed Transfer Server 3.9.3 and earlier | |
| IBM Aspera Application Platform On Demand | <=3.7.4 and earlier | |
| IBM Aspera Faspex On Demand | <=3.7.4 and earlier | |
| IBM Aspera Server On Demand | <=3.7.4 and earlier | |
| IBM Aspera Shares On Demand | <=3.7.4 and earlier | |
| IBM Aspera Streaming | <=3.9.3 and earlier | |
| IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) | <=3.9.10 and earlier | |
| IBM Aspera Application Platform On Demand | <=3.7.4 | |
| IBM Aspera Faspex On Demand | <=3.7.4 | |
| IBM Aspera High-Speed Transfer Endpoint | <=3.9.3 | |
| IBM Aspera High-Speed Transfer Server | <=3.9.3 | |
| Ibm Aspera High-speed Transfer Server For Cloud Pak For Integration | <=3.9.10 | |
| IBM Aspera Proxy Server | <=1.4.3 | |
| IBM Aspera Server On Demand | <=3.7.4 | |
| IBM Aspera Shares On Demand | <=3.7.4 | |
| IBM Aspera Streaming | <=3.9.3 | |
| IBM Aspera Transfer Cluster Manager | <=1.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm aspera application platform on demand
- version/ibm aspera application platform on demand/3.7.4
- canonical/ibm aspera faspex on demand
- version/ibm aspera faspex on demand/3.7.4
- canonical/ibm aspera high-speed transfer endpoint
- version/ibm aspera high-speed transfer endpoint/3.9.3
- canonical/ibm aspera high-speed transfer server
- version/ibm aspera high-speed transfer server/3.9.3
- canonical/ibm aspera high-speed transfer server for cloud pak for integration
- version/ibm aspera high-speed transfer server for cloud pak for integration/3.9.10
- canonical/ibm aspera proxy server
- version/ibm aspera proxy server/1.4.3
- canonical/ibm aspera server on demand
- version/ibm aspera server on demand/3.7.4
- canonical/ibm aspera shares on demand
- version/ibm aspera shares on demand/3.7.4
- canonical/ibm aspera streaming
- version/ibm aspera streaming/3.9.3
- canonical/ibm aspera transfer cluster manager
- version/ibm aspera transfer cluster manager/1.3.1
- version/ibm aspera high-speed transfer server/3.9.3 and earlier
- version/ibm aspera high-speed transfer endpoint/3.9.3 and earlier
- version/ibm aspera proxy server/1.4.3 and earlier
- version/ibm aspera transfer cluster manager/1.3.1 with aspera high-speed transfer server 3.9.3 and earlier
- version/ibm aspera application platform on demand/3.7.4 and earlier
- version/ibm aspera faspex on demand/3.7.4 and earlier
- version/ibm aspera server on demand/3.7.4 and earlier
- version/ibm aspera shares on demand/3.7.4 and earlier
- version/ibm aspera streaming/3.9.3 and earlier
- canonical/ibm aspera high-speed transfer server for cloud pak for integration (cp4i)
- version/ibm aspera high-speed transfer server for cloud pak for integration (cp4i)/3.9.10 and earlier