CVE-2020-4436

CVSS 8.8 HIGHEPSS 3.1%

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.8EPSS 3.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

10 jun 2020Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. IBM X-Force ID: 180902.

CVSS:3.0/AV:N/A:H/C:H/S:U/PR:L/AC:L/UI:N/I:H/RL:O/E:U/RC:C

Produtos afetados

IBM · Aspera Application Platform On Demand IBM · Aspera Faspex On Demand IBM · Aspera High-Speed Transfer Endpoint IBM · Aspera High-Speed Transfer Server IBM · Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)IBM · Aspera Proxy Server IBM · Aspera Server On Demand IBM · Aspera Shares On Demand IBM · Aspera Streaming IBM · Aspera Transfer Cluster Manager

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://exchange.xforce.ibmcloud.com/vulnerabilities/180902 https://www.ibm.com/support/pages/node/6221324