CRITICAL🇵🇱 Wersja polska

CVE-2026-8175

CVSS 9.8v3.1pub. 2026-05-27upd. 2026-06-05

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could be exploited to cause a denial of service and potentially lead to authentication bypass or remote code execution.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-122 (heap-based buffer overflow) occurs in the asperahttpd component responsible for handling HTTP requests in IBM Aspera products. An attacker can send a specially crafted network request that causes a heap buffer overflow. Memory overwriting can lead to process destabilization (DoS), authentication mechanism bypass, or seizure of control over code execution on the server.

Impact

An attacker requiring no authentication can remotely cause service unavailability, bypass authentication mechanisms, or gain full control over the system through remote code execution (RCE). The vulnerability has a critical impact on the confidentiality, integrity, and availability of the system.

Mitigation & patch

Apply patches available from the vendor according to references: https://www.ibm.com/support/pages/node/7273615. Urgent update to a patched version is recommended, and network access to the asperahttpd component should be restricted to trusted hosts only until the patch is applied.

Who is affected

IBM Aspera High-Speed Transfer Endpoint in versions 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server in versions 3.7.4 through 4.4.7 Fix Pack 1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Aspera High Speed Transfer Endpoint

    APP
    Ibm
    4.4.73.7.4 – 4.4.6
  • IBM Aspera High Speed Transfer Server

    APP
    Ibm
    4.4.73.7.4 – 4.4.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEAuth BypassDoSMemory
CWE
References

Related vulnerabilities

CVE-2026-8180HIGH7.5ten sam produkt

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Serv...

CVE-2026-8179HIGH8.8ten sam produkt

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Serv...

CVE-2020-4434HIGH7.5ten sam produkt

Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid...

CVE-2020-4435HIGH7.5ten sam produkt

Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configurati...

CVE-2020-4436HIGH7.5ten sam produkt

Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allo...