Aspera Application Platform On Demand
CVE-2020-4435
HIGH
Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901.
AnalysisAI
Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901. Affected products include: Ibm Aspera Application Platform On Demand, Ibm Aspera Faspex On Demand, Ibm Aspera High-Speed Transfer Endpoint, Ibm Aspera High-Speed Transfer Server, Ibm Aspera High-Speed Transfer Server For Cloud Pak For Integration.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attac
Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentic
Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rat
Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an att
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today