Jun 9, 2020 8:00 pm EDT
Categorized: High Severity
Share this post:
Certain IBM Aspera applications are vulnerable to the following vulnerabilities based on product configuration and/or valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS). The vulnerabilities are fixed in the listed product versions below.
Affected product(s) and affected version(s):
Affected Product(s) |
Version(s) |
IBM Aspera High-Speed Transfer Server |
3.9.3 and earlier |
IBM Aspera High-Speed Transfer Endpoint | 3.9.3 and earlier |
IBM Aspera Proxy Server | 1.4.3 and earlier |
IBM Aspera Transfer Cluster Manager |
1.3.1 with Aspera High-Speed Transfer Server 3.9.3 and earlier |
IBM Aspera Application Platform On Demand |
3.7.4 and earlier |
IBM Aspera Faspex On Demand |
3.7.4 and earlier |
IBM Aspera Server On Demand | 3.7.4 and earlier |
IBM Aspera Shares On Demand | 3.7.4 and earlier |
IBM Aspera Streaming | 3.9.3 and earlier |
IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) | 3.9.10 and earlier |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6221324
from IBM Product Security Incident Response Team https://ift.tt/30rhUCM
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.