CVE-2020-4435
HIGHIBM Aspera Products - Arbitrary Memory Corruption via HTTP Fallback Service
Title source: llmDescription
Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6221324
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/180901
Scores
CVSS v3
7.5
EPSS
0.0162
EPSS Percentile
73.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (10)
ibm/aspera_application_platform_on_demand
< 3.7.4
ibm/aspera_faspex_on_demand
< 3.7.4
ibm/aspera_high-speed_transfer_endpoint
< 3.9.3
ibm/aspera_high-speed_transfer_server
< 3.9.3
ibm/aspera_high-speed_transfer_server_for_cloud_pak_for_integration
< 3.9.10
ibm/aspera_proxy_server
< 1.4.3
ibm/aspera_server_on_demand
< 3.7.4
ibm/aspera_shares_on_demand
< 3.7.4
ibm/aspera_streaming
< 3.9.3
ibm/aspera_transfer_cluster_manager
< 1.3.1
Published
Jun 10, 2020
Tracked Since
Feb 18, 2026