Vulnerabilities > CVE-2020-4433 - Out-of-bounds Write vulnerability in IBM products

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

ibm

CWE-787

critical

NVD

Published: 2020-06-10

Updated: 2021-07-21

Summary

Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force ID: 180814.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Aspera Application Platform ON Demand - IBM Aspera Application Platform ON Demand 3.7.4 IBM Aspera Faspex ON Demand - IBM Aspera Faspex ON Demand 3.7.4 IBM Aspera High Speed Transfer Endpoint - IBM Aspera High Speed Transfer Endpoint 3.9.3 IBM Aspera High Speed Transfer Server - IBM Aspera High Speed Transfer Server 3.9.3 IBM Aspera High Speed Transfer Server FOR Cloud PAK FOR Integration - IBM Aspera High Speed Transfer Server FOR Cloud PAK FOR Integration 3.9.10 IBM Aspera Proxy Server - IBM Aspera Proxy Server 1.4.3 IBM Aspera Server ON Demand - IBM Aspera Server ON Demand 3.7.4 IBM Aspera Shares ON Demand - IBM Aspera Shares ON Demand 3.7.4 IBM Aspera Streaming - IBM Aspera Streaming 3.9.3 IBM Aspera Transfer Cluster Manager - IBM Aspera Transfer Cluster Manager 1.3.1	20

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References