Aspera Faspex@4.4.2 Security Vulnerabilities and Issues — Aspera Faspex@4.4.2 CVE List

Lucene search

IbmAspera Faspex4.4.2

4 matches found

CVE•added 2023/02/17 4:15 p.m.•824 views

CVE-2022-47986

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The...

9.8CVSS8.4AI score0.94345EPSS

CVE•added 2023/03/21 3:15 p.m.•71 views

CVE-2023-27874

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.

9.9CVSS8.7AI score0.00137EPSS

CVE•added 2023/03/21 3:15 p.m.•47 views

CVE-2023-27871

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613.

7.5CVSS7.4AI score0.00049EPSS

CVE•added 2023/03/21 3:15 p.m.•45 views

CVE-2023-27873

IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654.

6.5CVSS6AI score0.00046EPSS