Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM47175DB5BAEF34EC0E507F5AF1B4A6CDBC4C06A82754A9E5A126DBED98C33D9C
HistoryDec 10, 2020 - 10:23 p.m.

Security Bulletin: NGINX vulnerability CVE-2020-5863 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0

2020-12-1022:23:43
www.ibm.com
9

0.001 Low

EPSS

Percentile

47.3%

JSON

Summary

NGINX vulnerability CVE-2020-5863 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0. The fix for this set of vulnerabilities was delivered in IBM Aspera High-Speed Transfer Server V4.0.0 and IBM Aspera High-Speed Transfer Endpoint V4.0.0.

Vulnerability Details

CVEID:CVE-2020-5863
**DESCRIPTION:**F5 NGINX Controller could allow a remote attacker to bypass security restrictions, caused by improper access control by the Controller API. By sending a specially crafted request, an attacker could exploit this vulnerability to create unprivileged user accounts, and upload a new license to the system.
CVSS Base score: 8.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178712 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Aspera High-Speed Transfer Server 3.9.6.2 and earlier
IBM Aspera High-Speed Transfer Endpoint 3.9.6.2 and earlier

Remediation/Fixes

The fix for this set of vulnerabilities was delivered in IBM Aspera High-Speed Transfer Server V4.0.0 and IBM Aspera High-Speed Transfer Endpoint V4.0.0.

Product VRMF APAR Remediation/First Fix
IBM Aspera High-Speed Transfer Server 4.0.0 None https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/IBM+Aspera+High-Speed+Transfer+Server&release=4.0.0&platform=All&function=all
IBM Aspera High-Speed Transfer Endpoint 4.0.0 None https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/IBM+Aspera+High-Speed+Transfer+Endpoint&release=4.0.0&platform=All&function=all

Workarounds and Mitigations

None

CPENameOperatorVersion
aspera high-speed synceq4.0.0

Related

nvd 1
f5 1
prion 1
cve 1
cvelist 1
nvd
nvd
CVE-2020-5863
2020-03-27 15:15:12
f5
f5
K14631834 : NGINX Controller vulnerability CVE-2020-5863
2020-03-19 00:00:00
prion
prion
Design/Logic Flaw
2020-03-27 15:15:00
cve
cve
CVE-2020-5863
2020-03-27 15:15:12
cvelist
cvelist
CVE-2020-5863
2020-03-27 14:35:31

0.001 Low

EPSS

Percentile

47.3%

JSON
Related for 47175DB5BAEF34EC0E507F5AF1B4A6CDBC4C06A82754A9E5A126DBED98C33D9C
nvd1f51prion1cve1cvelist1