CVE-2020-4434

CVSS 7.5 HIGHEPSS 2.6%

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.5EPSS 2.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

10 jun 2020Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900.

CVSS:3.0/AC:H/I:H/UI:N/A:H/AV:N/C:H/S:U/PR:L/RL:O/E:U/RC:C

Produtos afetados

IBM · Aspera Application Platform On Demand IBM · Aspera Faspex On Demand IBM · Aspera High-Speed Transfer Endpoint IBM · Aspera High-Speed Transfer Server IBM · Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)IBM · Aspera Proxy Server IBM · Aspera Server On Demand IBM · Aspera Shares On Demand IBM · Aspera Streaming IBM · Aspera Transfer Cluster Manager

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://exchange.xforce.ibmcloud.com/vulnerabilities/180900 https://www.ibm.com/support/pages/node/6221324