Security Bulletin: IBM Aspera Faspex 4.4.2 PL3 has addressed multiple vulnerabilities (CVE-2023-27871, CVE-2023-27873, CVE-2023-27874)
Summary: This Security Bulletin addresses security vulnerabilities that have been remediated (CVE-2023-27871, CVE-2023-27873) and mitigated (CVE-2023-27874) in IBM Aspera Faspex 4.4.2 PL3. Vulnerability Details: CVEID: CVE-2023-27874 DESCRIPTION: IBM Aspera is vulnerable to an XML external entity...
IBM Aspera Faspex YAML deserialization
Added: 04/13/2023. Background: IBM Aspera Faspex is a centralized, high-speed transfer solution using the FASP protocol. Problem: A YAML deserialization vulnerability allows remote attackers to execute arbitrary commands by sending a POST request for relaypackage with specially crafted JSON content...
IBM Aspera XML External Entity Injection Vulnerability
IBM Aspera is a fast file transfer and streaming solution from International Business Machines (IBM), based on the IBM FASP protocol. IBM Aspera Faspex version 4.4.2 is vulnerable to XML external entity injection, which stems from not setting the correct filter to allow references to external entities whe...
PT-2023-21385 · IBM · IBM Aspera Faspex
Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex version 4.4.2 Description: The issue allows a remote attacker to obtain sensitive credential information for an external user using a specially crafted SQL query. Recommendations: For IBM Aspera Faspex version 4.4.2, update ...