CVE-2020-4435

🗓️ 10 Jun 2020 12:57:54Reported by ibmType

IBM Aspera apps vulnerable to arbitrary memory corruptio

Reporter	Title	Published	Views	Family All 9
IBM Security Bulletins	Security Bulletin: Various vulnerabilities affecting certain Aspera applications (CVE-2020-4432, CVE-2020-4433, CVE-2020-4434, CVE-2020-4435, CVE-2020-4436)	21 Feb 202201:13	–	ibm
CNVD	Command Execution Vulnerability in Multiple IBM Products (CNVD-2020-33144)	11 Jun 202000:00	–	cnvd
CNVD	Command Execution Vulnerability in Multiple IBM Products	11 Jun 202000:00	–	cnvd
CNVD	Buffer Overflow Vulnerability in Multiple IBM Products (CNVD-2020-33147)	11 Jun 202000:00	–	cnvd
CVE	CVE-2020-4435	10 Jun 202012:57	–	cve
EUVD	EUVD-2020-25682	7 Oct 202500:30	–	euvd
NVD	CVE-2020-4435	10 Jun 202013:15	–	nvd
OSV	CVE-2020-4435	10 Jun 202013:15	–	osv
Prion	Memory corruption	10 Jun 202013:15	–	prion

[
  {
    "product": "Aspera Transfer Cluster Manager",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "1.3.1"
      }
    ]
  },
  {
    "product": "Aspera High-Speed Transfer Server",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.9.3"
      }
    ]
  },
  {
    "product": "Aspera Shares On Demand",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.7.4"
      }
    ]
  },
  {
    "product": "Aspera Application Platform On Demand",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.7.4"
      }
    ]
  },
  {
    "product": "Aspera Proxy Server",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "1.4.3"
      }
    ]
  },
  {
    "product": "Aspera Faspex On Demand",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.7.4"
      }
    ]
  },
  {
    "product": "Aspera Server On Demand",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.7.4"
      }
    ]
  },
  {
    "product": "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.9.10"
      }
    ]
  },
  {
    "product": "Aspera Streaming",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.9.3"
      }
    ]
  },
  {
    "product": "Aspera High-Speed Transfer Endpoint",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.9.3"
      }
    ]
  }
]

Source	Link
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/180901
ibm	www.ibm.com/support/pages/node/6221324

10 Jun 2020 12:57Current

7.8High risk

Vulners AI Score7.8

CVSS 37.5

EPSS0.01616