Lucene search
HistoryMar 21, 2023 - 3:15 p.m.
CVE-2023-27874
ibm
aspera
faspex
xml
xxe
injection
remote
authentication
vulnerability
command
execution
x-force
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9.3
Confidence
High
EPSS
0.001
Percentile
38.8%
IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.
Affected configurations
Node
ibmaspera_faspexRange≤4.4.2
ORibmaspera_faspexMatch4.4.2patch_level_1
ORibmaspera_faspexMatch4.4.2patch_level_2
linuxlinux_kernelMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | aspera_faspex | * | cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:* |
| ibm | aspera_faspex | 4.4.2 | cpe:2.3:a:ibm:aspera_faspex:4.4.2:patch_level_1:*:*:*:*:*:* |
| ibm | aspera_faspex | 4.4.2 | cpe:2.3:a:ibm:aspera_faspex:4.4.2:patch_level_2:*:*:*:*:*:* |
| linux | linux_kernel | - | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
Related
cnvd
cnvd
IBM Aspera XML External Entity Injection Vulnerability
2023-03-23 00:00:00
prion
prion
Xxe
2023-03-21 15:15:00
cvelist
cvelist
CVE-2023-27874 IBM Aspera Faspex XML external entity injection
2023-03-21 14:33:20
cve
cve
CVE-2023-27874
2023-03-21 15:15:12
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9.3
Confidence
High
EPSS
0.001
Percentile
38.8%
Related for NVD:CVE-2023-27874