CVE-2020-4435

🗓️ 10 Jun 2020 12:57:54Reported by ibmType

IBM Aspera apps vuln to arbitrary memory corruption, allowing attacker to execute code or perform DoS via http fallback service

Reporter	Title	Published	Views	Family All 9
IBM Security Bulletins	Security Bulletin: Various vulnerabilities affecting certain Aspera applications (CVE-2020-4432, CVE-2020-4433, CVE-2020-4434, CVE-2020-4435, CVE-2020-4436)	21 Feb 202201:13	–	ibm
CNVD	Command Execution Vulnerability in Multiple IBM Products (CNVD-2020-33144)	11 Jun 202000:00	–	cnvd
CNVD	Command Execution Vulnerability in Multiple IBM Products	11 Jun 202000:00	–	cnvd
CNVD	Buffer Overflow Vulnerability in Multiple IBM Products (CNVD-2020-33147)	11 Jun 202000:00	–	cnvd
Cvelist	CVE-2020-4435	10 Jun 202012:57	–	cvelist
EUVD	EUVD-2020-25682	7 Oct 202500:30	–	euvd
NVD	CVE-2020-4435	10 Jun 202013:15	–	nvd
OSV	CVE-2020-4435	10 Jun 202013:15	–	osv
Prion	Memory corruption	10 Jun 202013:15	–	prion

NVD

Vulners

Node

ibm aspera_application_platform_on_demandRange≤3.7.4

ibm aspera_faspex_on_demandRange≤3.7.4

ibm aspera_high-speed_transfer_endpointRange≤3.9.3

ibm aspera_high-speed_transfer_serverRange≤3.9.3

ibm aspera_high-speed_transfer_server_for_cloud_pak_for_integrationRange≤3.9.10

ibm aspera_proxy_serverRange≤1.4.3

ibm aspera_server_on_demandRange≤3.7.4

ibm aspera_shares_on_demandRange≤3.7.4

ibm aspera_streamingRange≤3.9.3

ibm aspera_transfer_cluster_managerRange≤1.3.1

[
  {
    "product": "Aspera Transfer Cluster Manager",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "1.3.1"
      }
    ]
  },
  {
    "product": "Aspera High-Speed Transfer Server",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.9.3"
      }
    ]
  },
  {
    "product": "Aspera Shares On Demand",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.7.4"
      }
    ]
  },
  {
    "product": "Aspera Application Platform On Demand",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.7.4"
      }
    ]
  },
  {
    "product": "Aspera Proxy Server",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "1.4.3"
      }
    ]
  },
  {
    "product": "Aspera Faspex On Demand",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.7.4"
      }
    ]
  },
  {
    "product": "Aspera Server On Demand",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.7.4"
      }
    ]
  },
  {
    "product": "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.9.10"
      }
    ]
  },
  {
    "product": "Aspera Streaming",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.9.3"
      }
    ]
  },
  {
    "product": "Aspera High-Speed Transfer Endpoint",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.9.3"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/6221324
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/180901

21 Nov 2024 05:32Current

7.8High risk

Vulners AI Score7.8

CVSS 26

CVSS 3.17.5

CVSS 37.5

EPSS0.00954

CWE-787