Primary

Context

IBM Aspera High-Speed Transfer Products asperahttpd Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in the asperahttpd component of IBM Aspera High-Speed Transfer Endpoint and IBM Aspera High-Speed Transfer Server, both versions 3.7.4 prior to 4.4.7 Fix Pack 1. An unauthenticated user can cause the asperahttpd service to crash, leading to a service disruption.

Impact

Exploitation of this vulnerability can cause the asperahttpd service to crash, leading to a denial-of-service condition.

Remediation

Users can upgrade to IBM Aspera High-Speed Transfer Server or Endpoint version 4.4.7 Fix Pack 2. Instructions for downloading this version are available on the IBM Support Fix Central website.

Added: May 28, 2026, 5:04 AM

Updated: May 28, 2026, 5:04 AM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

7.6

remediation

7.7

relevance

9.1

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

7.6

remediation

7.7

relevance

9.1

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM Aspera High-Speed Transfer Products asperahttpd Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

IBM Aspera High-Speed Transfer Endpoint

IBM Aspera High-Speed Transfer Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating