Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM47545EE334637E69BA87BEA64355EE9EA13172298CA7780F945332C2CAEA46EA
HistoryDec 08, 2020 - 6:23 p.m.

Security Bulletin: cURL vulnerability CVE-2019-5443 impacts IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier

2020-12-0818:23:44
www.ibm.com
9

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

JSON

Summary

cURL vulnerability CVE-2019-5443 impacts IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier. The fix for this set of vulnerabilities was delivered in IBM Aspera High-Speed Transfer Server V4.0.0 and IBM Aspera High-Speed Transfer Endpoint V4.0.0 with streaming license.

Vulnerability Details

CVEID:CVE-2019-5443
**DESCRIPTION:**cURL libcurl for Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw in the OpenSSL engine. By inputting code and a config file in a known non-privileged path, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162844 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Aspera Streaming / IBM Aspera Streaming for Video 3.9.6.1 and earlier

Remediation/Fixes

The fix for this set of vulnerabilities was delivered in IBM Aspera High-Speed Transfer Server V4.0.0 and IBM Aspera High-Speed Transfer Endpoint V4.0.0 with streaming license.

Product VRMF APAR Remediation/First Fix
IBM Aspera High-Speed Transfer Server 4.0.0 None https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/IBM+Aspera+High-Speed+Transfer+Server&release=4.0.0&platform=All&function=all
IBM Aspera High-Speed Transfer Endpoint 4.0.0 None https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/IBM+Aspera+High-Speed+Transfer+Endpoint&release=4.0.0&platform=All&function=all

Workarounds and Mitigations

None

CPENameOperatorVersion
aspera high-speed synceq4.0.0

Related

hackerone 3
cve 1
prion 1
osv 1
redhatcve 1
symantec 1
ibm 1
debiancve 1
ubuntucve 1
nessus 4
openvas 2
cloudfoundry 1
freebsd 1
photon 2
oracle 3
ics 1
hackerone
hackerone
curl: Windows Privilege Escalation: Malicious OpenSSL Engine
2019-06-12 02:21:14
curl: curl on Windows can be forced to execute code via OpenSSL environment variables
2019-10-14 23:02:51
Internet Bug Bounty: Windows builds with insecure path defaults (CVE-2019-1552)
2019-08-28 00:18:59
cve
cve
CVE-2019-5443
2019-07-02 19:15:00
prion
prion
Code injection
2019-07-02 19:15:00
osv
osv
CVE-2019-5443
2019-07-02 19:15:10
redhatcve
redhatcve
CVE-2019-5443
2019-11-13 16:37:26
symantec
symantec
curl CVE-2019-5443 Local Code Injection Vulnerability
2019-06-24 00:00:00
ibm
ibm
Security Bulletin: Curl vulnerabilities CVE-2019-5443 impacts IBM Aspera High-Speed Transfer Server, IBM Aspera High-Speed Transfer Client, IBM Aspera Desktop Client 3.9.1 and earlier
2020-07-17 00:46:14
debiancve
debiancve
CVE-2019-5443
2019-07-02 19:15:00
ubuntucve
ubuntucve
CVE-2019-5443
2019-07-02 00:00:00
nessus
nessus
Oracle Enterprise Manager Ops Center (Oct 2019 CPU)
2020-01-17 00:00:00
MySQL 5.7.x < 5.7.28 Multiple Vulnerabilities (Oct 2019 CPU)
2019-10-18 00:00:00
MySQL 8.0.x < 8.0.18 Multiple Vulnerabilities (Oct 2019 CPU)
2019-10-18 00:00:00
openvas
openvas
Oracle MySQL Server 5.7 <= 5.7.27 / 8.0 <= 8.0.17 Security Update (cpuoct2019) - Windows
2019-10-23 00:00:00
Oracle MySQL Server 5.7 <= 5.7.27 / 8.0 <= 8.0.17 Security Update (cpuoct2019) - Linux
2019-10-23 00:00:00
cloudfoundry
cloudfoundry
MySQL Security Updates - Oct 2019 | Cloud Foundry
2020-01-27 00:00:00
freebsd
freebsd
MySQL -- Multiple vulerabilities
2019-10-15 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0420
2023-07-05 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0603
2023-06-26 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

JSON
Related for 47545EE334637E69BA87BEA64355EE9EA13172298CA7780F945332C2CAEA46EA
hackerone3cve1prion1osv1redhatcve1symantec1ibm1debiancve1ubuntucve1nessus4openvas2cloudfoundry1freebsd1photon2oracle3ics1