Vulnerability Details CVE-2020-4435
Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 6.0
References
Products affected by CVE-2020-4435
-
cpe:2.3:a:ibm:aspera_application_platform_on_demand:-
-
cpe:2.3:a:ibm:aspera_application_platform_on_demand:3.7.4
-
cpe:2.3:a:ibm:aspera_faspex_on_demand:-
-
cpe:2.3:a:ibm:aspera_faspex_on_demand:3.7.4
-
cpe:2.3:a:ibm:aspera_high-speed_transfer_endpoint:-
-
cpe:2.3:a:ibm:aspera_high-speed_transfer_endpoint:3.9.3
-
cpe:2.3:a:ibm:aspera_high-speed_transfer_server:-
-
cpe:2.3:a:ibm:aspera_high-speed_transfer_server:3.9.3
-
cpe:2.3:a:ibm:aspera_high-speed_transfer_server_for_cloud_pak_for_integration:-
-
cpe:2.3:a:ibm:aspera_high-speed_transfer_server_for_cloud_pak_for_integration:3.9.10
-
cpe:2.3:a:ibm:aspera_proxy_server:-
-
cpe:2.3:a:ibm:aspera_proxy_server:1.4.3
-
cpe:2.3:a:ibm:aspera_server_on_demand:-
-
cpe:2.3:a:ibm:aspera_server_on_demand:3.7.4
-
cpe:2.3:a:ibm:aspera_shares_on_demand:-
-
cpe:2.3:a:ibm:aspera_shares_on_demand:3.7.4
-
cpe:2.3:a:ibm:aspera_streaming:-
-
cpe:2.3:a:ibm:aspera_streaming:3.9.3
-
cpe:2.3:a:ibm:aspera_transfer_cluster_manager:-
-
cpe:2.3:a:ibm:aspera_transfer_cluster_manager:1.3.1