CVE-2020-4434

Name: CVE-2020-4434
Creator: NVD / NIST
Published: 2020-06-10T13:15:17.477+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 2.60%

Last modified Jun 17, 2026

CVE-2020-4434 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900.. EPSS estimates a 2.60% chance of exploitation in the next 30 days.

Description

Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

2.60%

83.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-120

Affected Software

Vendor	Product	Versions
Ibm	Aspera Application Platform On Demand	<= 3.7.4
Ibm	Aspera Faspex On Demand	<= 3.7.4
Ibm	Aspera High-Speed Transfer Endpoint	<= 3.9.3
Ibm	Aspera High-Speed Transfer Server	<= 3.9.3
Ibm	Aspera High-Speed Transfer Server For Cloud Pak For Integration	<= 3.9.10
Ibm	Aspera Proxy Server	<= 1.4.3
Ibm	Aspera Server On Demand	<= 3.7.4
Ibm	Aspera Shares On Demand	<= 3.7.4
Ibm	Aspera Streaming	<= 3.9.3
Ibm	Aspera Transfer Cluster Manager	<= 1.3.1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/180900VDB Entry, Vendor Advisory
https://www.ibm.com/support/pages/node/6221324Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/180900VDB Entry, Vendor Advisory
https://www.ibm.com/support/pages/node/6221324Vendor Advisory

Timeline

Published: Jun 10, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-4434?

How severe is CVE-2020-4434?

CVE-2020-4434 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 2.60% probability of exploitation in the next 30 days.

How do I fix CVE-2020-4434?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-4434?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST