VYPR

Aspera

by IBM

CVEs (9)

  • CVE-2025-36225Oct 9, 2025
    risk 0.00cvss epss 0.00

    IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data.

  • CVE-2023-27286Mar 28, 2023
    risk 0.00cvss epss 0.01

    IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616.

  • CVE-2023-27284Mar 28, 2023
    risk 0.00cvss epss 0.01

    IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616.

  • CVE-2021-38870Sep 23, 2021
    risk 0.00cvss epss 0.00

    IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208343.

  • CVE-2020-4436Jun 10, 2020
    risk 0.00cvss epss 0.03

    Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. IBM X-Force ID: 180902.

  • CVE-2020-4435Jun 10, 2020
    risk 0.00cvss epss 0.02

    Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service.…

  • CVE-2020-4434Jun 10, 2020
    risk 0.00cvss epss 0.03

    Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http…

  • CVE-2020-4433Jun 10, 2020
    risk 0.00cvss epss 0.05

    Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to…

  • CVE-2020-4432Jun 10, 2020
    risk 0.00cvss epss 0.03

    Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. IBM X-Force ID: 180810.