Command injection

2020-06-1013:15:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.2%

JSON

Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. IBM X-Force ID: 180810.

CPENameOperatorVersion
aspera_application_platform_on_demandle3.7.4
aspera_faspex_on_demandle3.7.4
aspera_high-speed_transfer_endpointle3.9.3
aspera_high-speed_transfer_serverle3.9.3
aspera_high-speed_transfer_server_for_cloud_pak_for_integrationle3.9.10
aspera_proxy_serverle1.4.3
aspera_server_on_demandle3.7.4
aspera_shares_on_demandle3.7.4
aspera_streamingle3.9.3
aspera_transfer_cluster_managerle1.3.1

Name	Operator	Version
aspera_application_platform_on_demand	le	3.7.4
aspera_faspex_on_demand	le	3.7.4
aspera_high-speed_transfer_endpoint	le	3.9.3
aspera_high-speed_transfer_server	le	3.9.3
aspera_high-speed_transfer_server_for_cloud_pak_for_integration	le	3.9.10
aspera_proxy_server	le	1.4.3
aspera_server_on_demand	le	3.7.4
aspera_shares_on_demand	le	3.7.4
aspera_streaming	le	3.9.3
aspera_transfer_cluster_manager	le	1.3.1