EUVD-2020-25680

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Certain IBM Aspera applications have a buffer overflow vulnerability allowing remote code execution.

Reporter	Title	Published	Views	Family All 8
IBM Security Bulletins	Security Bulletin: Various vulnerabilities affecting certain Aspera applications (CVE-2020-4432, CVE-2020-4433, CVE-2020-4434, CVE-2020-4435, CVE-2020-4436)	21 Feb 202201:13	–	ibm
CNVD	Buffer Overflow Vulnerability in Multiple IBM Products (CNVD-2020-33143)	11 Jun 202000:00	–	cnvd
CNVD	Command Execution Vulnerability in Multiple IBM Products	11 Jun 202000:00	–	cnvd
CNVD	Buffer Overflow Vulnerability in Multiple IBM Products (CNVD-2020-33147)	11 Jun 202000:00	–	cnvd
CVE	CVE-2020-4433	10 Jun 202012:57	–	cve
Cvelist	CVE-2020-4433	10 Jun 202012:57	–	cvelist
NVD	CVE-2020-4433	10 Jun 202013:15	–	nvd
Prion	Stack overflow	10 Jun 202013:15	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "1c9303ec-dff8-334b-a8e8-6080e4ac6120",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "179d04fc-1aa1-3a22-97d4-0f81ca197fe1",
        "product": {
          "name": "Aspera Proxy Server"
        },
        "product_version": "1.4.3"
      },
      {
        "id": "17b11ea2-12ec-3e69-ad77-5667898caaee",
        "product": {
          "name": "Aspera Faspex On Demand"
        },
        "product_version": "3.7.4"
      },
      {
        "id": "2d1377fc-331d-35b3-913a-e0eee114aa59",
        "product": {
          "name": "Aspera High-Speed Transfer Endpoint"
        },
        "product_version": "3.9.3"
      },
      {
        "id": "771b8266-867a-33b6-aa2a-a79deb5e4636",
        "product": {
          "name": "Aspera Transfer Cluster Manager"
        },
        "product_version": "1.3.1"
      },
      {
        "id": "8e0395a7-32a7-30e3-b6d5-2e83e0719fcd",
        "product": {
          "name": "Aspera Server On Demand"
        },
        "product_version": "3.7.4"
      },
      {
        "id": "a4e6d2de-5add-3ec9-b192-d82e08815bd5",
        "product": {
          "name": "Aspera High-Speed Transfer Server"
        },
        "product_version": "3.9.3"
      },
      {
        "id": "ccebab0e-6d1f-377a-b58d-6691aca21efc",
        "product": {
          "name": "Aspera Streaming"
        },
        "product_version": "3.9.3"
      },
      {
        "id": "cf2e0d49-ab53-3eb8-a48d-f36b7f35c0e7",
        "product": {
          "name": "Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)"
        },
        "product_version": "3.9.10"
      },
      {
        "id": "d7a9b4d2-e0ba-36f0-b896-a866fe115e31",
        "product": {
          "name": "Aspera Application Platform On Demand"
        },
        "product_version": "3.7.4"
      },
      {
        "id": "e396e94a-83dd-337c-8f3d-1faa0c658fcd",
        "product": {
          "name": "Aspera Shares On Demand"
        },
        "product_version": "3.7.4"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/6221324
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/180814
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

7.8High risk

Vulners AI Score7.8

CVSS 37.5

CVSS 3.17.5

CVSS 29.3

EPSS0.03738