CVE-2023-27874: XEE
First published: Mon Mar 20 2023(Updated: )
IBM Aspera is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Aspera Faspex | <=4.4.2 | |
| IBM Aspera Faspex | =4.4.2-patch_level_1 | |
| IBM Aspera Faspex | =4.4.2-patch_level_2 | |
| Linux Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-27874?
The severity of CVE-2023-27874 is critical with a severity value of 9.9.
How does CVE-2023-27874 affect IBM Aspera Faspex?
CVE-2023-27874 affects IBM Aspera Faspex version 4.4.2 and patch levels 4.4.2-patch_level_1 and 4.4.2-patch_level_2.
What is an XML external entity injection (XXE) attack?
An XML external entity injection (XXE) attack is a vulnerability that allows an attacker to exploit the processing of XML data to execute arbitrary commands.
How can a remote authenticated attacker exploit CVE-2023-27874?
A remote authenticated attacker can exploit CVE-2023-27874 to execute arbitrary commands.
Where can I find more information about CVE-2023-27874?
You can find more information about CVE-2023-27874 at the following references: [IBM X-Force ID: 249845](https://exchange.xforce.ibmcloud.com/vulnerabilities/249845) and [IBM support page](https://www.ibm.com/support/pages/node/6964694).
- collector/ibm-support
- collector/nvd-index
- vendor/ibm
- canonical/ibm aspera faspex
- version/ibm aspera faspex/4.4.2
- version/ibm aspera faspex/4.4.2-patch_level_1
- version/ibm aspera faspex/4.4.2-patch_level_2
- vendor/linux
- canonical/linux linux kernel