CVE-2020-4433 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2020-4433?

CVE-2020-4433 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-4433?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Aspera Application Platform On Demand, Ibm Aspera Faspex On Demand, Ibm Aspera High-Speed Transfer Endpoint, Ibm Aspera High-Speed Transfer Server, Ibm Aspera High-Speed Transfer Server For Cloud Pak For Integration.

Vulnerability Description

Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force ID: 180814.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ibm	Aspera Application Platform On Demand	<= 3.7.4
Ibm	Aspera Faspex On Demand	<= 3.7.4
Ibm	Aspera High-Speed Transfer Endpoint	<= 3.9.3
Ibm	Aspera High-Speed Transfer Server	<= 3.9.3
Ibm	Aspera High-Speed Transfer Server For Cloud Pak For Integration	<= 3.9.10
Ibm	Aspera Proxy Server	<= 1.4.3
Ibm	Aspera Server On Demand	<= 3.7.4
Ibm	Aspera Shares On Demand	<= 3.7.4
Ibm	Aspera Streaming	<= 3.9.3
Ibm	Aspera Transfer Cluster Manager	<= 1.3.1

Related Weaknesses (CWE)

CWE-20 CWE-787

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/180814VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6221324Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/180814VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6221324Vendor Advisory

FAQ

What is CVE-2020-4433?

CVE-2020-4433 is a vulnerability with a CVSS score of 7.5 (HIGH). Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute...

How severe is CVE-2020-4433?

CVE-2020-4433 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-4433?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Aspera Application Platform On Demand, Ibm Aspera Faspex On Demand, Ibm Aspera High-Speed Transfer Endpoint, Ibm Aspera High-Speed Transfer Server, Ibm Aspera High-Speed Transfer Server For Cloud Pak For Integration.