Buffer Overflow Vulnerability in IBM Aspera Applications
CVE-2020-4434

7.5 HIGH

Summary

Certain IBM Aspera applications are susceptible to a buffer overflow vulnerability, which can be exploited when the product configuration and valid authentication are compromised. An attacker possessing detailed knowledge of the system may leverage this vulnerability to execute arbitrary code or disrupt services through a denial-of-service (DoS) attack via the HTTP fallback service. Organizations using affected IBM Aspera applications should assess their systems and apply necessary mitigations to prevent potential exploitation.

Affected Version(s)

Aspera Application Platform On Demand 3.7.4

Aspera Faspex On Demand 3.7.4

Aspera High-Speed Transfer Endpoint 3.9.3

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
