IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines (IBM) Inc. An SQL injection vulnerability exists in IBM Aspera Faspex version 4.4.2. The vulnerability stems from the applicationβs lack of validation of external input SQL statements, which can be exploited by attackers to obtain sensitive credential information from external users using specially crafted SQL queries.