CVE-2020-4433

Description

Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force ID: 180814.

References

Link	Tags
https://www.ibm.com/support/pages/node/6221324	vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/180814	vdb entry vendor advisory

Frequently Asked Questions

What is the severity of CVE-2020-4433?: CVE-2020-4433 has been scored as a high severity vulnerability.
How to fix CVE-2020-4433?: To fix CVE-2020-4433, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-4433 being actively exploited in the wild?: It is possible that CVE-2020-4433 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~3% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-4433?: CVE-2020-4433 affects IBM Aspera Faspex On Demand, IBM Aspera Server On Demand, IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I), IBM Aspera High-Speed Transfer Endpoint, IBM Aspera Streaming, IBM Aspera Transfer Cluster Manager, IBM Aspera High-Speed Transfer Server, IBM Aspera Shares On Demand, IBM Aspera Application Platform On Demand, IBM Aspera Proxy Server.

Description

Category

CWE-20 – Improper Input Validation

References

Frequently Asked Questions