{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-9035","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2026-05-19T16:39:18.455Z","datePublished":"2026-05-27T13:21:43.995Z","dateUpdated":"2026-05-27T14:47:20.101Z"},"containers":{"cna":{"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2026-05-27T13:21:43.995Z"},"title":"Multiple vulnerabilities in Aspera applications.","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","type":"CWE"}]}],"affected":[{"vendor":"IBM","product":"Aspera High-Speed Transfer Endpoint","versions":[{"status":"affected","version":"3.7.4","lessThanOrEqual":"4.4.7 Fix Pack 1","versionType":"semver"}],"cpes":["cpe:2.3:a:ibm:aspera_high_speed_transfer_endpoint:3.7.4:*:*:*:*:*:*:*","cpe:2.3:a:ibm:aspera_high_speed_transfer_endpoint:4.4.7:*:*:*:*:*:*:*"]},{"vendor":"IBM","product":"Aspera High-Speed Transfer Server","versions":[{"status":"affected","version":"3.7.4","lessThanOrEqual":"4.4.7 Fix Pack 1","versionType":"semver"}],"cpes":["cpe:2.3:a:ibm:aspera_high_speed_transfer_server:3.7.4:*:*:*:*:*:*:*","cpe:2.3:a:ibm:aspera_high_speed_transfer_server:4.4.7:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to.</p>"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7273615","tags":["vendor-advisory","patch"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseSeverity":"MEDIUM","baseScore":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}],"solutions":[{"lang":"en","value":"Product(s)VRMFRemediation/First FixIBM Aspera High-Speed Transfer Server4.4.7 Fix Pack 2Link to latest release (4.4.7 FP 2)IBM Aspera High-Speed Transfer Endpoint4.4.7 Fix Pack 2Link to latest release (4.4.7 FP 2)","supportingMedia":[{"type":"text/html","base64":false,"value":"<div><table><tbody><tr><td><strong>Product(s)</strong></td><td><strong>VRMF</strong></td><td><strong>Remediation/First Fix</strong></td></tr><tr><td>IBM Aspera High-Speed Transfer Server</td><td>4.4.7 Fix Pack 2</td><td><a href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&amp;product=ibm/Other+software/IBM+Aspera+High-Speed+Transfer+Server&amp;release=4.4.7.2&amp;platform=All&amp;function=all\" rel=\"noopener noreferrer nofollow\">Link to latest release (4.4.7 FP 2)</a></td></tr><tr><td>IBM Aspera High-Speed Transfer Endpoint</td><td>4.4.7 Fix Pack 2</td><td><a href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&amp;product=ibm/Other+software/IBM+Aspera+High-Speed+Transfer+Endpoint&amp;release=4.4.7.2&amp;platform=All&amp;function=all\" rel=\"nofollow\">Link to latest release (4.4.7 FP 2)</a></td></tr></tbody></table></div>"}]}],"x_generator":{"engine":"ibm-cvegen"},"credits":[{"lang":"en","value":"The vulnerabilities were reported to IBM by Yannik Marchand.","type":"finder"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-27T14:47:07.128841Z","id":"CVE-2026-9035","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-27T14:47:20.101Z"}}]}}