HIGH🇵🇱 Wersja polska

CVE-2020-4434

CVSS 7.5v3.1pub. 2020-06-10upd. 2024-11-21

Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • IBM Aspera Application Platform On Demand

    APP
    Ibm
    ≤ 3.7.4
  • IBM Aspera Faspex On Demand

    APP
    Ibm
    ≤ 3.7.4
  • IBM Aspera High Speed Transfer Endpoint

    APP
    Ibm
    ≤ 3.9.3
  • IBM Aspera High Speed Transfer Server

    APP
    Ibm
    ≤ 3.9.3
  • IBM Aspera High Speed Transfer Server For Cloud Pak For Integration

    APP
    Ibm
    ≤ 3.9.10
  • IBM Aspera Proxy Server

    APP
    Ibm
    ≤ 1.4.3
  • IBM Aspera Server On Demand

    APP
    Ibm
    ≤ 3.7.4
  • IBM Aspera Shares On Demand

    APP
    Ibm
    ≤ 3.7.4
  • IBM Aspera Streaming

    APP
    Ibm
    ≤ 3.9.3
  • IBM Aspera Transfer Cluster Manager

    APP
    Ibm
    ≤ 1.3.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2026-7876CRITICAL9.1PL ✓ten sam produkt

Authentication bypass w IBM Aspera HSTS for CP4I umożliwia nieautoryzowany dostęp do plików

CVE-2026-8175CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w IBM Aspera High-Speed Transfer umożliwiający RCE i Auth Bypass

CVE-2026-8180HIGH7.5ten sam produkt

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Serv...

CVE-2026-8179HIGH8.8ten sam produkt

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Serv...

CVE-2020-4432HIGH7.5ten sam produkt

Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could al...