← back
CVE-2020-4436

CVE-2020-4436

CVSS 8.8 HIGHEPSS 3.1%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 3.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
10 Jun 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. IBM X-Force ID: 180902.
CVSS:3.0/AV:N/A:H/C:H/S:U/PR:L/AC:L/UI:N/I:H/RL:O/E:U/RC:C
Affected products
IBM · Aspera Application Platform On DemandIBM · Aspera Faspex On DemandIBM · Aspera High-Speed Transfer EndpointIBM · Aspera High-Speed Transfer ServerIBM · Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)IBM · Aspera Proxy ServerIBM · Aspera Server On DemandIBM · Aspera Shares On DemandIBM · Aspera StreamingIBM · Aspera Transfer Cluster Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/180902https://www.ibm.com/support/pages/node/6221324