FKIE_CVE-2020-4435

Vulnerability from fkie_nvd - Published: 2020-06-10 13:15 - Updated: 2024-11-21 05:32
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/180901VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6221324Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/180901VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6221324Vendor Advisory
Impacted products
Vendor Product Version
ibm aspera_application_platform_on_demand *
ibm aspera_faspex_on_demand *
ibm aspera_high-speed_transfer_endpoint *
ibm aspera_high-speed_transfer_server *
ibm aspera_high-speed_transfer_server_for_cloud_pak_for_integration *
ibm aspera_proxy_server *
ibm aspera_server_on_demand *
ibm aspera_shares_on_demand *
ibm aspera_streaming *
ibm aspera_transfer_cluster_manager *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:aspera_application_platform_on_demand:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "95A13919-235B-4552-B7E8-E242A1506F33",
              "versionEndIncluding": "3.7.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_faspex_on_demand:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F36A48ED-D90F-4479-95F5-241763D19EAF",
              "versionEndIncluding": "3.7.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_high-speed_transfer_endpoint:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4F8C19B-4648-40A0-89C4-A5002DE60C08",
              "versionEndIncluding": "3.9.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_high-speed_transfer_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3908B54-5170-4122-BC5A-F290C6187491",
              "versionEndIncluding": "3.9.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_high-speed_transfer_server_for_cloud_pak_for_integration:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3A89EF-5F28-4983-82AC-403F6CC41BC5",
              "versionEndIncluding": "3.9.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_proxy_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "88EBEFDD-35ED-4ADC-85F9-8FEA7778CE9C",
              "versionEndIncluding": "1.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_server_on_demand:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08DF3254-9B03-4D93-A962-EF491CB27366",
              "versionEndIncluding": "3.7.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares_on_demand:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B91B20E9-06BE-43CD-92B2-44BDA086C507",
              "versionEndIncluding": "3.7.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_streaming:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB5EC07-527C-4A35-9302-99A5DA1966AB",
              "versionEndIncluding": "3.9.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_transfer_cluster_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30F42FA-076C-440B-B04A-55AB5F9974B0",
              "versionEndIncluding": "1.3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901."
    },
    {
      "lang": "es",
      "value": "Determinadas aplicaciones de IBM Aspera son vulnerables a una corrupci\u00f3n arbitraria de la memoria basada en la configuraci\u00f3n del producto, lo que podr\u00eda permitir a un atacante con un conocimiento profundo del sistema ejecutar c\u00f3digo arbitrario o llevar a cabo una denegaci\u00f3n de servicio (DoS) por medio del servicio fallback de http. IBM X-Force ID: 180901"
    }
  ],
  "id": "CVE-2020-4435",
  "lastModified": "2024-11-21T05:32:44.517",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-10T13:15:17.587",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180901"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6221324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6221324"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.