Stack-Based Buffer Overflow Vulnerability in IBM Aspera Applications
CVE-2020-4433
7.5 HIGH
Key Information:
- Vendor: IBM
- Status: Vendor
- CVE Published: 10 June 2020
Summary
Certain IBM Aspera applications are susceptible to a stack-based buffer overflow, resulting from improper bounds checking. This vulnerability enables a remote attacker, who possesses extensive knowledge of the server architecture, to potentially execute arbitrary code with root privileges or cause the server to crash. This poses significant risks for organizations utilizing affected IBM Aspera applications.
Affected Version(s)
Aspera Application Platform On Demand 3.7.4
Aspera Faspex On Demand 3.7.4
Aspera High-Speed Transfer Endpoint 3.9.3
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved