CVE-2020-4434
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900.
Determinadas aplicaciones de IBM Aspera son vulnerables a un desbordamiento del búfer basado en la configuración del producto y la autenticación válida, lo que podría permitir a un atacante con un conocimiento profundo del sistema ejecutar código arbitrario o llevar a cabo una denegación de servicio (DoS) por medio del servicio fallback de http. IBM X-Force ID: 180900
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-12-30 CVE Reserved
- 2020-06-10 CVE Published
- 2024-06-16 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/180900 | 2020-06-15 | |
| https://www.ibm.com/support/pages/node/6221324 | 2020-06-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Aspera Application Platform On Demand Search vendor "Ibm" for product "Aspera Application Platform On Demand" | <= 3.7.4 Search vendor "Ibm" for product "Aspera Application Platform On Demand" and version " <= 3.7.4" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera Faspex On Demand Search vendor "Ibm" for product "Aspera Faspex On Demand" | <= 3.7.4 Search vendor "Ibm" for product "Aspera Faspex On Demand" and version " <= 3.7.4" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera High-speed Transfer Endpoint Search vendor "Ibm" for product "Aspera High-speed Transfer Endpoint" | <= 3.9.3 Search vendor "Ibm" for product "Aspera High-speed Transfer Endpoint" and version " <= 3.9.3" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera High-speed Transfer Server Search vendor "Ibm" for product "Aspera High-speed Transfer Server" | <= 3.9.3 Search vendor "Ibm" for product "Aspera High-speed Transfer Server" and version " <= 3.9.3" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera High-speed Transfer Server For Cloud Pak For Integration Search vendor "Ibm" for product "Aspera High-speed Transfer Server For Cloud Pak For Integration" | <= 3.9.10 Search vendor "Ibm" for product "Aspera High-speed Transfer Server For Cloud Pak For Integration" and version " <= 3.9.10" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera Proxy Server Search vendor "Ibm" for product "Aspera Proxy Server" | <= 1.4.3 Search vendor "Ibm" for product "Aspera Proxy Server" and version " <= 1.4.3" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera Server On Demand Search vendor "Ibm" for product "Aspera Server On Demand" | <= 3.7.4 Search vendor "Ibm" for product "Aspera Server On Demand" and version " <= 3.7.4" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera Shares On Demand Search vendor "Ibm" for product "Aspera Shares On Demand" | <= 3.7.4 Search vendor "Ibm" for product "Aspera Shares On Demand" and version " <= 3.7.4" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera Streaming Search vendor "Ibm" for product "Aspera Streaming" | <= 3.9.3 Search vendor "Ibm" for product "Aspera Streaming" and version " <= 3.9.3" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Aspera Transfer Cluster Manager Search vendor "Ibm" for product "Aspera Transfer Cluster Manager" | <= 1.3.1 Search vendor "Ibm" for product "Aspera Transfer Cluster Manager" and version " <= 1.3.1" | - |
Affected
| ||||||