Vulnerabilities > CVE-2020-4435 - Out-of-bounds Write vulnerability in IBM products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

ibm

CWE-787

NVD

Published: 2020-06-10

Updated: 2021-07-21

Summary

Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Aspera High Speed Transfer Server FOR Cloud PAK FOR Integration - IBM Aspera High Speed Transfer Server FOR Cloud PAK FOR Integration 3.9.10 IBM Aspera Shares ON Demand - IBM Aspera Shares ON Demand 3.7.4 IBM Aspera Server ON Demand - IBM Aspera Server ON Demand 3.7.4 IBM Aspera Faspex ON Demand - IBM Aspera Faspex ON Demand 3.7.4 IBM Aspera Application Platform ON Demand - IBM Aspera Application Platform ON Demand 3.7.4 IBM Aspera Transfer Cluster Manager - IBM Aspera Transfer Cluster Manager 1.3.1 IBM Aspera Proxy Server - IBM Aspera Proxy Server 1.4.3 IBM Aspera High Speed Transfer Server - IBM Aspera High Speed Transfer Server 3.9.3 IBM Aspera Streaming - IBM Aspera Streaming 3.9.3 IBM Aspera High Speed Transfer Endpoint - IBM Aspera High Speed Transfer Endpoint 3.9.3	20

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References