Security Bulletin: Various vulnerabilities affecting certain Aspera applications (CVE-2020-4432, CVE-2020-4433, CVE-2020-4434, CVE-2020-4435, CVE-2020-4436)

Jun 9, 2020 8:00 pm EDT

Categorized: High Severity

Share this post:

Certain IBM Aspera applications are vulnerable to the following vulnerabilities based on product configuration and/or valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS). The vulnerabilities are fixed in the listed product versions below.

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
IBM Aspera High-Speed Transfer Server	3.9.3 and earlier
IBM Aspera High-Speed Transfer Endpoint	3.9.3 and earlier
IBM Aspera Proxy Server	1.4.3 and earlier
IBM Aspera Transfer Cluster Manager	1.3.1 with Aspera High-Speed Transfer Server 3.9.3 and earlier
IBM Aspera Application Platform On Demand	3.7.4 and earlier
IBM Aspera Faspex On Demand	3.7.4 and earlier
IBM Aspera Server On Demand	3.7.4 and earlier
IBM Aspera Shares On Demand	3.7.4 and earlier
IBM Aspera Streaming	3.9.3 and earlier
IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)	3.9.10 and earlier

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6221324

from IBM Product Security Incident Response Team https://ift.tt/30rhUCM