Lucene search
+L

14 matches found

redhatcve
redhatcve
added 2025/02/06 12:4 a.m.13 views

CVE-2022-47986

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. T...

9.8CVSS7.5AI score0.99968EPSS
Exploits5
thn
thn
added 2023/05/25 10:40 a.m.280 views

Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code

The threat actors behind the nascent Buhti ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk ransomware families to strike Windows and Linux systems. "While the group doesn't develop its own ransomware, it does utilize what appears to be one custom-developed tool,...

9.8CVSS9.9AI score0.99999EPSS
Exploits44
packetstorm
packetstorm
added 2023/04/10 12:0 a.m.278 views

IBM Aspera Faspex 4.4.1 YAML Deserialization

Exploit Title: IBM Aspera Faspex 4.4.1 - YAML deserialization RCE Date: 02/02/2023 Exploit Author: Maurice Lambert Vendor Homepage: https://www.ibm.com/ Software Link: https://www.ibm.com/docs/en/aspera-faspex/5.0?topic=welcome-faspex Version: 4.4.1 Tested on: Linux CVE : CVE-2022-47986 """ This...

9.8CVSS9.4AI score0.99968EPSS
Exploits5
zdt
zdt
added 2023/04/07 12:0 a.m.250 views

IBM Aspera Faspex 4.4.1 - YAML deserialization Remote Code Execution Exploit

Exploit Title: IBM Aspera Faspex 4.4.1 - YAML deserialization RCE Exploit Author: Maurice Lambert Vendor Homepage: https://www.ibm.com/ Software Link: https://www.ibm.com/docs/en/aspera-faspex/5.0?topic=welcome-faspex Version: 4.4.1 Tested on: Linux CVE : CVE-2022-47986 """ This file implements a...

9.8CVSS9.4AI score0.99968EPSS
Exploits5
rapid7blog
rapid7blog
added 2023/03/28 7:35 p.m.64 views

Active Exploitation of IBM Aspera Faspex CVE-2022-47986

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. On January 26, 2023, IBM published an advisory for multiple security issues affecting its Aspera Faspex software. The most critical of these was CVE-2022-47986, which is a...

9.5AI score0.99968EPSS
Exploits5
githubexploit
githubexploit
added 2023/03/09 10:3 p.m.294 views

Exploit for Deserialization of Untrusted Data in Ibm Aspera_Faspex

CVE-2022-47986 Why This vulnerability is exploited in the...

9.8CVSS8.4AI score0.99968EPSS
Exploits28
thn
thn
added 2023/03/09 2:1 p.m.3 views

IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks

A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world. The intrusions entail the exploitation of a recently disclosed deserialization...

9.8CVSS6.8AI score0.99968EPSS
Exploits5
thn
thn
added 2023/03/09 2:1 p.m.143 views

IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks

A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world. The intrusions entail the exploitation of a recently disclosed deserialization...

9.8CVSS1AI score0.99968EPSS
Exploits5
thn
thn
added 2023/02/22 5:38 a.m.8 views

U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added three security flaws to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The list of shortcomings is as follows - CVE-2022-47986 CVSS score: 9.8 - IBM Aspera Faspex Code...

9.8CVSS8.1AI score0.99999EPSS
Exploits19
thn
thn
added 2023/02/22 5:38 a.m.179 views

U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added three security flaws to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The list of shortcomings is as follows - CVE-2022-47986 CVSS score: 9.8 - IBM Aspera Faspex Code...

9.8CVSS1.9AI score0.99999EPSS
Exploits19
vulnrichment
vulnrichment
added 2023/02/17 3:46 p.m.16 views

CVE-2022-47986 IBM Aspera Faspex code execution

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. T...

9.8CVSS9.5AI score0.99968EPSS
Exploits5References3
cve
cve
added 2023/02/17 3:46 p.m.900 views

CVE-2022-47986

Summary: CVE-2022-47986 affects IBM Aspera Faspex 4.4.2 PL1 and earlier due to a YAML deserialization flaw that allowed remote code execution. The vulnerability is triggered by a specially crafted obsolete API call; the obsolete call was removed in Faspex 4.4.2 PL2. IBM’s bulletin confirms remedi...

9.8CVSS8.4AI score0.99968EPSS
In wildExploits5References4Affected Software1
circl
circl
added 2023/02/03 1:0 p.m.8 views

CVE-2022-47986

creationtimestamp| type| source ---|---|--- 2023-02-03 13:00:09+00:00| published-proof-of-concept| https://t.me/truesecator/4022 2023-02-15 19:15:55+00:00| exploited| https://t.me/informationsecuritychannel/49577 2023-02-16 14:35:07+00:00| exploited| https://t.me/truesecator/4076 2023-02-17...

9.8CVSS7.2AI score0.99968EPSS
In wildExploits5References15
githubexploit
githubexploit
added 2023/02/03 6:32 a.m.855 views

Exploit for Deserialization of Untrusted Data in Ibm Aspera_Faspex

CVE-2022-47986 Aspera Faspex Pr...

9.8CVSS8.5AI score0.99968EPSS
Exploits5
Rows per page
Query Builder