CVE-2020-4433

moderate-risk
Published 2020-06-10

Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause the server to crash. IBM X-Force ID: 180814.

Do I need to act?

3.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 High
NETWORK / HIGH complexity

Affected Products (10)

Aspera Application Platform On Demand
Aspera Faspex On Demand
Aspera High-Speed Transfer Endpoint
Aspera High-Speed Transfer Server
Aspera High-Speed Transfer Server For Cloud Pak For Integration
Aspera Proxy Server
Aspera Server On Demand
Aspera Shares On Demand
Aspera Streaming
Aspera Transfer Cluster Manager

Affected Vendors

IBM

45 / 100
moderate-risk
Severity 22/34 · High
Exploitability 7/34 · Low
Exposure 16/34 · Moderate