CVE-2020-4545: 
IBM Aspera Connect vulnerability analysis and mitigation

CVE-2020-4545 is a security vulnerability affecting IBM Aspera Connect versions 3.9.9 and earlier. The vulnerability was discovered and disclosed in September 2020, involving improper loading of Dynamic Link Libraries (DLL) by the import feature. This vulnerability affects Windows-based systems running the affected versions of IBM Aspera Connect (IBM Security).

The vulnerability stems from improper loading of Dynamic Link Libraries by the import feature in IBM Aspera Connect. It has been assigned a CVSS Base score of 7.8 with a vector of CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a high severity issue requiring local access and user interaction (IBM Security).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code on the affected Windows system. The high CVSS score reflects the potential for complete compromise of system confidentiality, integrity, and availability (IBM Security).

IBM has released version 3.10.0 of Aspera Connect as a fix for this vulnerability (ASCN-2314). No workarounds are available, making it essential to upgrade to the patched version (IBM Security).

The vulnerability was reported to IBM by security researcher Yorick Koster, demonstrating active security research engagement with IBM's products (IBM Security).