Aspera Faspex Security Vulnerabilities and Issues — Aspera Faspex CVE List

cve

CVE-2022-47986

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The...

9.8CVSS

8.3AI Score

0.958EPSS

2023-02-17 04:15 PM

707

In Wild

cve

CVE-2023-27284

IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616.

9.8CVSS

9.4AI Score

0.002EPSS

2023-04-02 09:15 PM

40

cve

CVE-2023-27286

IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616.

9.8CVSS

9.4AI Score

0.002EPSS

2023-04-02 09:15 PM

38

cve

CVE-2023-27874

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.

9.9CVSS

8.6AI Score

0.001EPSS

2023-03-21 03:15 PM

46

Aspera Faspex Security Vulnerabilities - CVSS Score 9 - 10