CVE-2020-4436
published 2020-06-10CVE-2020-4436: Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the…
high7.5CVSS 3.1
AVNACHPRLUINSUCHIHAH
Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. IBM X-Force ID: 180902.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | nifi | — | — |
| ibm | aspera_application_platform_on_demand | <= 3.7.4 | — |
| ibm | aspera_application_platform_on_demand | — | — |
| ibm | aspera_faspex_on_demand | <= 3.7.4 | — |
| ibm | aspera_faspex_on_demand | — | — |
| ibm | aspera_high-speed_transfer_endpoint | <= 3.9.3 | — |
| ibm | aspera_high-speed_transfer_endpoint | — | — |
| ibm | aspera_high-speed_transfer_server | <= 3.9.3 | — |
| ibm | aspera_high-speed_transfer_server | — | — |
| ibm | aspera_high-speed_transfer_server_for_cloud_pak_for_integration | <= 3.9.10 | — |
| ibm | aspera_high-speed_transfer_server_for_cloud_pak_for_integration | — | — |
| ibm | aspera_proxy_server | <= 1.4.3 | — |
| ibm | aspera_proxy_server | — | — |
| ibm | aspera_server_on_demand | <= 3.7.4 | — |
| ibm | aspera_server_on_demand | — | — |
| ibm | aspera_shares_on_demand | <= 3.7.4 | — |
| ibm | aspera_shares_on_demand | — | — |
| ibm | aspera_streaming | <= 3.9.3 | — |
| ibm | aspera_streaming | — | — |
| ibm | aspera_transfer_cluster_manager | <= 1.3.1 | — |
| ibm | aspera_transfer_cluster_manager | — | — |