CVE-2020-4435

CVSS 7.5 HIGHEPSS 1.6%

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.5EPSS 1.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

10 jun 2020Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901.

CVSS:3.0/I:H/AC:H/UI:N/A:H/AV:N/C:H/S:U/PR:L/RL:O/E:U/RC:C

Produtos afetados

IBM · Aspera Application Platform On Demand IBM · Aspera Faspex On Demand IBM · Aspera High-Speed Transfer Endpoint IBM · Aspera High-Speed Transfer Server IBM · Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)IBM · Aspera Proxy Server IBM · Aspera Server On Demand IBM · Aspera Shares On Demand IBM · Aspera Streaming IBM · Aspera Transfer Cluster Manager

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://exchange.xforce.ibmcloud.com/vulnerabilities/180901 https://www.ibm.com/support/pages/node/6221324