Description
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could allow an authenticated user to execute arbitrary code on the system.
Published: 2026-05-27
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow in the asperahttpd component of IBM Aspera High-Speed Transfer Endpoint and Server. A buffer overflow can be triggered by a specially crafted request, allowing an attacker who has authenticated to the service to execute arbitrary code with the privileges of the service process. This flaw compromises the confidentiality, integrity, and availability of the affected system.

Affected Systems

IBM Aspera High-Speed Transfer Endpoint and IBM Aspera High-Speed Transfer Server versions 3.7.4 through 4.4.7 Fix Pack 1 are affected. The official fix is the 4.4.7 Fix Pack 2 release for both products.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity. EPSS data is unavailable, but the vulnerability is not listed in the CISA KEV catalog, suggesting no known active exploitation as of this analysis. The attack requires authentication to asperahttpd, so the threat is primarily to users with legitimate access who can impersonate or misuse the service. Nevertheless, the ability to execute arbitrary code means that compromised accounts could give attackers full system control.

Generated by OpenCVE AI on May 27, 2026 at 19:59 UTC.

Remediation

Vendor Solution

Product(s)VRMFRemediation/First FixIBM Aspera High-Speed Transfer Server4.4.7 Fix Pack 2Link to latest release (4.4.7 FP 2)IBM Aspera High-Speed Transfer Endpoint4.4.7 Fix Pack 2Link to latest release (4.4.7 FP 2)

OpenCVE Recommended Actions

  • Apply IBM Aspera High-Speed Transfer Server 4.4.7 Fix Pack 2 or later.
  • Apply IBM Aspera High-Speed Transfer Endpoint 4.4.7 Fix Pack 2 or later.
  • Restrict access to the asperahttpd service to only trusted, authenticated users and monitor for anomalous activity.

Generated by OpenCVE AI on May 27, 2026 at 19:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:aspera_high-speed_transfer_endpoint:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_high-speed_transfer_endpoint:4.4.7:-:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_high-speed_transfer_endpoint:4.4.7:fixpack1:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_high-speed_transfer_server:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_high-speed_transfer_server:4.4.7:-:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_high-speed_transfer_server:4.4.7:fixpack1:*:*:*:*:*:*

Thu, 28 May 2026 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Ibm aspera High-speed Transfer Endpoint
Ibm aspera High-speed Transfer Server
Vendors & Products Ibm aspera High-speed Transfer Endpoint
Ibm aspera High-speed Transfer Server

Wed, 27 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could allow an authenticated user to execute arbitrary code on the system.
Title Multiple vulnerabilities in Aspera applications.
First Time appeared Ibm
Ibm aspera High Speed Transfer Endpoint
Ibm aspera High Speed Transfer Server
Weaknesses CWE-121
CPEs cpe:2.3:a:ibm:aspera_high_speed_transfer_endpoint:3.7.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_high_speed_transfer_endpoint:4.4.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_high_speed_transfer_server:3.7.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_high_speed_transfer_server:4.4.7:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm aspera High Speed Transfer Endpoint
Ibm aspera High Speed Transfer Server
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Ibm Aspera High-speed Transfer Endpoint Aspera High-speed Transfer Server Aspera High Speed Transfer Endpoint Aspera High Speed Transfer Server
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-05-28T03:55:31.039Z

Reserved: 2026-05-08T16:08:42.516Z

Link: CVE-2026-8179

cve-icon Vulnrichment

Updated: 2026-05-27T14:50:12.720Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:36.127

Modified: 2026-06-05T18:57:03.100

Link: CVE-2026-8179

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T02:30:04Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow