PT-2020-18122 · Ibm · Ibm Aspera Connect

Published

2020-09-04

Updated

2020-09-10

CVE-2020-4545

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IBM Aspera Connect version 3.9.9

Description The issue is caused by improper loading of Dynamic Link Libraries by the import feature, allowing a remote attacker to execute arbitrary code on the system. An attacker could exploit this by persuading a victim to open a specially-crafted .DLL file.

Recommendations For IBM Aspera Connect version 3.9.9, update to a version that addresses the improper loading of Dynamic Link Libraries to prevent arbitrary code execution. As a temporary workaround, consider restricting the import feature to minimize the risk of exploitation.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

CVE-2020-4545

Affected Products

Ibm Aspera Connect

PT-2020-18122 · Ibm · Ibm Aspera Connect

CVE-2020-4545

Weakness Enumeration

Related Identifiers

Affected Products

References · 5