Vulnerability in IBM Aspera Application Platform On Demand
CVE-2020-4435
Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service…
EPSS: 0.010 (76.8th percentile)
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C.
Affected products
- IBM Aspera Application Platform On Demand — versions 3.7.4
- IBM Aspera Faspex On Demand — versions 3.7.4
- IBM Aspera High-Speed Transfer Endpoint — versions 3.9.3
- IBM Aspera High-Speed Transfer Server — versions 3.9.3
- IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) — versions 3.9.10
- IBM Aspera Proxy Server — versions 1.4.3
- IBM Aspera Server On Demand — versions 3.7.4
- IBM Aspera Shares On Demand — versions 3.7.4
- IBM Aspera Streaming — versions 3.9.3
- IBM Aspera Transfer Cluster Manager — versions 1.3.1
References
- www.ibm.com/support/pages/node/6221324 (x_refsource_CONFIRM)
- ibm-aspera-cve20204435-command-exec (180901) (vdb-entry, x_refsource_XF)
Frequently asked questions
- What is CVE-2020-4435?
  CVE-2020-4435 is a high-severity vulnerability in IBM Aspera Application Platform On Demand. CVSS score: 7.5/10. Published 2020-06-10.
- How severe is CVE-2020-4435?
  High severity. The CVSS v3 base score is 7.5 out of 10.