Vulnerabilities > IBM > Aspera High Speed Transfer Endpoint
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-14 | CVE-2022-22391 | Unspecified vulnerability in IBM products IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. | 4.3 |
| 2020-06-10 | CVE-2020-4436 | Classic Buffer Overflow vulnerability in IBM products Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. | 7.5 |
| 2020-06-10 | CVE-2020-4435 | Out-of-bounds Write vulnerability in IBM products Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. | 7.5 |
| 2020-06-10 | CVE-2020-4434 | Classic Buffer Overflow vulnerability in IBM products Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. | 7.5 |
| 2020-06-10 | CVE-2020-4433 | Out-of-bounds Write vulnerability in IBM products Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. | 7.5 |
| 2020-06-10 | CVE-2020-4432 | Command Injection vulnerability in IBM products Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. | 7.5 |