CVE-2020-4433
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force ID: 180814.
Determinadas aplicaciones de IBM Aspera son vulnerables a un desbordamiento del búfer en la región stack de la memoria, causado por una comprobación inapropiada de los límites. Esto podría permitir a un atacante remoto con conocimiento íntimo del servidor ejecutar código arbitrario en el sistema con los privilegios root o causar que el servidor se bloquee. IBM X-Force ID: 180814
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-12-30 CVE Reserved
- 2020-06-10 CVE Published
- 2024-02-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-787: Out-of-bounds Write
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/180814 | 2021-07-21 | |
| https://www.ibm.com/support/pages/node/6221324 | 2021-07-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Aspera Application Platform On Demand Search vendor "Ibm" for product "Aspera Application Platform On Demand" | <= 3.7.4 Search vendor "Ibm" for product "Aspera Application Platform On Demand" and version " <= 3.7.4" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera Faspex On Demand Search vendor "Ibm" for product "Aspera Faspex On Demand" | <= 3.7.4 Search vendor "Ibm" for product "Aspera Faspex On Demand" and version " <= 3.7.4" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera High-speed Transfer Endpoint Search vendor "Ibm" for product "Aspera High-speed Transfer Endpoint" | <= 3.9.3 Search vendor "Ibm" for product "Aspera High-speed Transfer Endpoint" and version " <= 3.9.3" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera High-speed Transfer Server Search vendor "Ibm" for product "Aspera High-speed Transfer Server" | <= 3.9.3 Search vendor "Ibm" for product "Aspera High-speed Transfer Server" and version " <= 3.9.3" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera High-speed Transfer Server For Cloud Pak For Integration Search vendor "Ibm" for product "Aspera High-speed Transfer Server For Cloud Pak For Integration" | <= 3.9.10 Search vendor "Ibm" for product "Aspera High-speed Transfer Server For Cloud Pak For Integration" and version " <= 3.9.10" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera Proxy Server Search vendor "Ibm" for product "Aspera Proxy Server" | <= 1.4.3 Search vendor "Ibm" for product "Aspera Proxy Server" and version " <= 1.4.3" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera Server On Demand Search vendor "Ibm" for product "Aspera Server On Demand" | <= 3.7.4 Search vendor "Ibm" for product "Aspera Server On Demand" and version " <= 3.7.4" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera Shares On Demand Search vendor "Ibm" for product "Aspera Shares On Demand" | <= 3.7.4 Search vendor "Ibm" for product "Aspera Shares On Demand" and version " <= 3.7.4" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera Streaming Search vendor "Ibm" for product "Aspera Streaming" | <= 3.9.3 Search vendor "Ibm" for product "Aspera Streaming" and version " <= 3.9.3" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera Transfer Cluster Manager Search vendor "Ibm" for product "Aspera Transfer Cluster Manager" | <= 1.3.1 Search vendor "Ibm" for product "Aspera Transfer Cluster Manager" and version " <= 1.3.1" | - |
Affected
| ||||||