U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:ibm:aspera_shares_on_demand:-:*:*:*:*:*:*:*
There are 5 matching records.
Displaying matches 1 through 5.
Vuln ID Summary CVSS Severity
CVE-2020-4436

Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. IBM X-Force ID: 180902.

Published: June 10, 2020; 9:15:17 AM -0400
V3.1: 7.5 HIGH
V2.0: 6.0 MEDIUM
CVE-2020-4435

Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901.

Published: June 10, 2020; 9:15:17 AM -0400
V3.1: 7.5 HIGH
V2.0: 6.0 MEDIUM
CVE-2020-4434

Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900.

Published: June 10, 2020; 9:15:17 AM -0400
V3.1: 7.5 HIGH
V2.0: 6.0 MEDIUM
CVE-2020-4433

Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force ID: 180814.

Published: June 10, 2020; 9:15:17 AM -0400
V3.1: 7.5 HIGH
V2.0: 9.3 HIGH
CVE-2020-4432

Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. IBM X-Force ID: 180810.

Published: June 10, 2020; 9:15:16 AM -0400
V3.1: 7.5 HIGH
V2.0: 6.0 MEDIUM