CVE-2020-4432
published 2020-06-10CVE-2020-4432: Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the…
high7.5CVSS 3.1
AVNACHPRLUINSUCHIHAH
Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. IBM X-Force ID: 180810.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | aspera_application_platform_on_demand | <= 3.7.4 | — |
| ibm | aspera_application_platform_on_demand | — | — |
| ibm | aspera_faspex_on_demand | <= 3.7.4 | — |
| ibm | aspera_faspex_on_demand | — | — |
| ibm | aspera_high-speed_transfer_endpoint | <= 3.9.3 | — |
| ibm | aspera_high-speed_transfer_endpoint | — | — |
| ibm | aspera_high-speed_transfer_server | <= 3.9.3 | — |
| ibm | aspera_high-speed_transfer_server | — | — |
| ibm | aspera_high-speed_transfer_server_for_cloud_pak_for_integration | <= 3.9.10 | — |
| ibm | aspera_high-speed_transfer_server_for_cloud_pak_for_integration | — | — |
| ibm | aspera_proxy_server | <= 1.4.3 | — |
| ibm | aspera_proxy_server | — | — |
| ibm | aspera_server_on_demand | <= 3.7.4 | — |
| ibm | aspera_server_on_demand | — | — |
| ibm | aspera_shares_on_demand | <= 3.7.4 | — |
| ibm | aspera_shares_on_demand | — | — |
| ibm | aspera_streaming | <= 3.9.3 | — |
| ibm | aspera_streaming | — | — |
| ibm | aspera_transfer_cluster_manager | <= 1.3.1 | — |
| ibm | aspera_transfer_cluster_manager | — | — |