Command Injection Vulnerability in IBM Aspera Applications
CVE-2020-4432
7.5 HIGH
Key Information:
- Vendor: IBM
- Status: Vendor
- CVE Published: 10 June 2020
Summary
Certain IBM Aspera applications are susceptible to command injection due to flawed input handling in their SOAP API. An attacker with valid authentication can exploit this vulnerability to execute arbitrary commands on the affected system. Exploitation also requires in-depth knowledge of the system's internal structure, but a successful attack poses significant risk. Organizations using IBM Aspera should apply the recommended patches and follow security best practices to mitigate the risk.
Affected Version(s)
Aspera Application Platform On Demand 3.7.4
Aspera Faspex On Demand 3.7.4
Aspera High-Speed Transfer Endpoint 3.9.3
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved