Mar 28, 2023 - 1:42 a.m.

Security Bulletin: IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 have addressed multiple buffer overflow vulnerabilities (CVE-2023-27286, CVE-2023-27284)

2023-03-28 01:42:04
www.ibm.com
Tags: ibm aspera, connect, cargo, buffer overflow, vulnerabilities, remediation, ibm, 4.2.5, cve-2023-27286, cve-2023-27284, windows, linux, mac os

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.003 Low
Percentile: 65.8%

Summary

This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5.

Vulnerability Details

CVEID: CVE-2023-27286
DESCRIPTION: IBM Aspera Cargo and IBM Aspera Connect are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248627 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2023-27284
DESCRIPTION: IBM Aspera Cargo and IBM Aspera Connect are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248616 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Aspera Cargo | v4.2.4 and prior versions |
| IBM Aspera Connect | v4.2.4 and prior versions |

Remediation/Fixes

It is recommended to apply the fix as soon as possible; see the links below.

| Product(s) | Fixing VRM | Platform(s) | Link to Fix |
|---|---|---|---|
| IBM Aspera Cargo | 4.2.5 | Windows | click here |
| IBM Aspera Cargo | 4.2.5 | Linux | click here |
| IBM Aspera Cargo | 4.2.5 | Mac OS | click here |
| IBM Aspera Connect | 4.2.5 | Windows | click here |
| IBM Aspera Connect | 4.2.5 | Linux | click here |
| IBM Aspera Connect | 4.2.5 | Mac OS | click here |

Workarounds and Mitigations

None

Affected configurations

Vulners Node (entries combined with OR):

- ibm aspera_faspex_on_demand, Match 5.0
- ibm aspera_shares_on_demand, Match 1.10
- ibm aspera_connect, Match 4.2.5
- ibm aspera_cargo, Match 4.2.5
- ibm aspera_shares, Match 1.10
- ibm aspera_on_cloud, Match 1.0
- ibm aspera_streaming, Match 1.0
- ibm aspera_server_on_demand, Match 1.1
- ibm aspera_faspex, Match 1.0
- ibm aspera_server_on_demand, Match 1.0
- ibm aspera_faspex, Match 5.0
