CVE-2023-27285: 
IBM Aspera Connect vulnerability analysis and mitigation

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 were found to contain a buffer overflow vulnerability identified as CVE-2023-27285. The vulnerability was disclosed on June 4, 2023, and affects all versions up to (excluding) 4.2.6 of both products (NVD, IBM Advisory).

The vulnerability is caused by improper bounds checking in the software, which could allow an attacker to overflow a buffer. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) by NIST with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while IBM assigned it a slightly higher score of 8.4 with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code on the affected system with high impacts on confidentiality, integrity, and availability of the system (IBM Advisory).

IBM has released version 4.2.6 for both Aspera Connect and Aspera Cargo to address this vulnerability. Users are recommended to upgrade to these versions immediately. The fix is available for Linux, Mac OSX, and Windows platforms (IBM Advisory).