IBM Aspera is an IBM FASP protocol-based fast file transfer and streaming solution from International Business Machines (IBM). IBM Aspera Faspex version 4.4.2 is vulnerable to XML external entity injection, which stems from not setting the correct filter to allow references to external entities when processing XML data. An attacker could use this vulnerability to execute arbitrary commands.