OpenSSL vulnerabilites impacting IBM Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop 3.9.1, Aspera Connect 3.7.4 and earlier (CVE-2019-1552). The vulnerabilities are fixed in IBM Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop 3.9.6, and Aspera Connect 3.9.8.
CVEID:CVE-2019-1552
**DESCRIPTION:**OpenSSL could allow a local attacker to bypass security restrictions, caused by the building of . mingw programs or Windows programs with world writable path defaults. An attacker could exploit this vulnerability to modify default configuration, insert CA certificates, modify (or even replace) existing engine modules.
CVSS Base score: 2.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164498 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Aspera Desktop Client | 3.9.1 and earlier |
IBM Aspera High-Speed Transfer Server | 3.9.1 and earlier |
IBM Aspera High-Speed Transfer Endpoint | 3.9.1 and earlier |
IBM Aspera Connect | 3.7.4 and earlier |
Affected Product(s) | Version(s) |
---|---|
IBM Aspera Desktop Client | 3.9.6 |
IBM Aspera High-Speed Transfer Server | 3.9.6 |
IBM Aspera High-Speed Transfer Endpoint | 3.9.6 |
Connect | 3.9.8 |
None