CVE-2020-4435 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2020-4435?

CVE-2020-4435 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-4435?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Aspera Application Platform On Demand, Ibm Aspera Faspex On Demand, Ibm Aspera High-Speed Transfer Endpoint, Ibm Aspera High-Speed Transfer Server, Ibm Aspera High-Speed Transfer Server For Cloud Pak For Integration.

Vulnerability Description

Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ibm	Aspera Application Platform On Demand	<= 3.7.4
Ibm	Aspera Faspex On Demand	<= 3.7.4
Ibm	Aspera High-Speed Transfer Endpoint	<= 3.9.3
Ibm	Aspera High-Speed Transfer Server	<= 3.9.3
Ibm	Aspera High-Speed Transfer Server For Cloud Pak For Integration	<= 3.9.10
Ibm	Aspera Proxy Server	<= 1.4.3
Ibm	Aspera Server On Demand	<= 3.7.4
Ibm	Aspera Shares On Demand	<= 3.7.4
Ibm	Aspera Streaming	<= 3.9.3
Ibm	Aspera Transfer Cluster Manager	<= 1.3.1

Related Weaknesses (CWE)

CWE-787

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/180901VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6221324Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/180901VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6221324Vendor Advisory

FAQ

What is CVE-2020-4435?

CVE-2020-4435 is a vulnerability with a CVSS score of 7.5 (HIGH). Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitra...

How severe is CVE-2020-4435?

CVE-2020-4435 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-4435?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Aspera Application Platform On Demand, Ibm Aspera Faspex On Demand, Ibm Aspera High-Speed Transfer Endpoint, Ibm Aspera High-Speed Transfer Server, Ibm Aspera High-Speed Transfer Server For Cloud Pak For Integration.