Security Bulletin: Various vulnerabilities affecting certain Aspera applications (CVE-2020-4432, CVE-2020-4433, CVE-2020-4434, CVE-2020-4435, CVE-2020-4436)

Published: 2022-02-21 01:13:01
Source: www.ibm.com

EPSS: 0.005 (Low), percentile 76.4%

Summary

Certain IBM Aspera applications are vulnerable to the following vulnerabilities based on product configuration and/or valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS). The vulnerabilities are fixed in the listed product versions below.

Vulnerability Details

CVEID: CVE-2020-4434
**DESCRIPTION:** Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the HTTP fallback service.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/180900 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-4436
**DESCRIPTION:** Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service.
CVSS Base score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/180902 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-4435
**DESCRIPTION:** Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the HTTP fallback service.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/180901 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-4432
**DESCRIPTION:** Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands through a SOAP API.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/180810 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-4433
**DESCRIPTION:** Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with root privileges or cause the server to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/180814 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM Aspera High-Speed Transfer Server | 3.9.3 and earlier
IBM Aspera High-Speed Transfer Endpoint | 3.9.3 and earlier
IBM Aspera Proxy Server | 1.4.3 and earlier
IBM Aspera Transfer Cluster Manager | 1.3.1 with Aspera High-Speed Transfer Server 3.9.3 and earlier
IBM Aspera Application Platform On Demand | 3.7.4 and earlier
IBM Aspera Faspex On Demand | 3.7.4 and earlier
IBM Aspera Server On Demand | 3.7.4 and earlier
IBM Aspera Shares On Demand | 3.7.4 and earlier
IBM Aspera Streaming | 3.9.3 and earlier
IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) | 3.9.10 and earlier

Remediation/Fixes

Product(s) | VRMF | Remediation/First Fix
---|---|---
IBM Aspera High-Speed Transfer Server | 3.9.6 | Link to latest release (3.9.6)
IBM Aspera High-Speed Transfer Endpoint | 3.9.6 | Link to latest release (3.9.6)
IBM Aspera Proxy Server | 1.4.4 | Link to the latest release (1.4.4)
IBM Aspera Transfer Cluster Manager | 1.3.1 with IBM Aspera High-Speed Transfer Server (HSTS) 3.9.6 | Contact your IBM sales rep for access to the latest released image (1.3.1)
IBM Aspera Application Platform On Demand | 3.9.6 | Contact your IBM sales rep for access to the latest released image (3.9.6)
IBM Aspera Faspex On Demand | 3.9.6 | Contact your IBM sales rep for access to the latest released image (3.9.6)
IBM Aspera Server On Demand | 3.9.6 | Contact your IBM sales rep for access to the latest released image (3.9.6)
IBM Aspera Shares On Demand | 3.9.6 | Contact your IBM sales rep for access to the latest released image (3.9.6)
IBM Aspera High-Speed Transfer Server (HSTS) for Cloud Pak for Integration (CP4I) | 3.9.11 | Access your charts to get the latest version.
IBM Aspera Streaming | 3.9.6 | Link to latest release (3.9.6)
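The two tables above are what an operator actually needs from this bulletin: for each product, the last version listed as affected and the first version carrying the fix. The script below is an added example (not IBM tooling) that encodes those two tables and classifies an installed version against them. It compares versions numerically, so 3.9.10 is correctly ranked above 3.9.6, and it flags builds that fall between the last affected version and the first fix (for example 3.7.5 through 3.9.5 of the On Demand products), which the bulletin does not list, as still needing the fixed release; that gap handling is an interpretation of the tables, not a statement from IBM. Transfer Cluster Manager is assessed through its bundled HSTS version, as the bulletin ties it to that. Host names and versions in the sample inventory are constructed.

```python
import re

# Product -> (last version listed as affected, first fixed version), transcribed
# from the bulletin's "Affected Products" and "Remediation/Fixes" tables.
# Transfer Cluster Manager is deliberately absent: the bulletin ties its status
# to the bundled High-Speed Transfer Server version, so assess that entry instead.
BULLETIN_VERSIONS = {
    "IBM Aspera High-Speed Transfer Server": ("3.9.3", "3.9.6"),
    "IBM Aspera High-Speed Transfer Endpoint": ("3.9.3", "3.9.6"),
    "IBM Aspera Proxy Server": ("1.4.3", "1.4.4"),
    "IBM Aspera Application Platform On Demand": ("3.7.4", "3.9.6"),
    "IBM Aspera Faspex On Demand": ("3.7.4", "3.9.6"),
    "IBM Aspera Server On Demand": ("3.7.4", "3.9.6"),
    "IBM Aspera Shares On Demand": ("3.7.4", "3.9.6"),
    "IBM Aspera Streaming": ("3.9.3", "3.9.6"),
    "IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)": ("3.9.10", "3.9.11"),
}


def parse_version(text):
    """'3.9.10' -> (3, 9, 10).

    Tuples of ints compare numerically, so 3.9.10 ranks above 3.9.6; a plain
    string comparison would rank it below because '1' < '6'. Extra numeric
    components (build numbers) are kept and compared positionally.
    """
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(p) for p in parts)


def assess(product, installed):
    """Classify one installation against the bulletin.

    Returns one of:
      'affected'            at or below the last version the bulletin lists as affected
      'upgrade-recommended' above that but below the first fix; the bulletin does not
                            list these builds, so treat them as needing the fix
      'fixed'               at or above the first fix listed in Remediation/Fixes
      'unknown-product'     product is not covered by this bulletin
    """
    if product not in BULLETIN_VERSIONS:
        return "unknown-product"
    last_affected, first_fix = BULLETIN_VERSIONS[product]
    installed_v = parse_version(installed)
    if installed_v <= parse_version(last_affected):
        return "affected"
    if installed_v < parse_version(first_fix):
        return "upgrade-recommended"
    return "fixed"


def assess_inventory(inventory):
    """Map host -> classification for an iterable of (host, product, version)."""
    return {host: assess(product, version) for host, product, version in inventory}


# Constructed sample inventory: host names and versions are made up for the demo.
SAMPLE_INVENTORY = [
    ("xfer-01", "IBM Aspera High-Speed Transfer Server", "3.9.1"),
    ("xfer-02", "IBM Aspera High-Speed Transfer Server", "3.9.10"),
    ("proxy-01", "IBM Aspera Proxy Server", "1.4.4"),
    ("cp4i-01", "IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)", "3.9.10"),
    ("faspex-01", "IBM Aspera Faspex On Demand", "3.8.0"),
    ("legacy-01", "Some Other Product", "1.0"),
]

if __name__ == "__main__":
    for host, status in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12s} {status}")
```

Feed it the product name and version string from your own asset inventory; anything reported as `affected` or `upgrade-recommended` should be moved to the VRMF version in the Remediation/Fixes table, since the bulletin lists no workaround.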

Workarounds and Mitigations

N/A
