IBM-XFORCE-243512
First published: Thu Feb 02 2023(Updated: )
IBM Aspera Faspex code execution
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Aspera Faspex | <=4.4.2 | |
| IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of IBM-XFORCE-243512?
The severity of IBM-XFORCE-243512 is critical.
How does IBM Aspera Faspex code execution vulnerability occur?
The IBM Aspera Faspex code execution vulnerability occurs due to a YAML deserialization flaw.
How can a remote attacker exploit the IBM Aspera Faspex code execution vulnerability?
A remote attacker can exploit the IBM Aspera Faspex code execution vulnerability by sending a specially crafted obsolete API call.
What is the affected software version of the IBM Aspera Faspex code execution vulnerability?
The affected software version of the IBM Aspera Faspex code execution vulnerability is 4.4.2 Patch Level 1 and earlier.
How can I fix the IBM Aspera Faspex code execution vulnerability?
To fix the IBM Aspera Faspex code execution vulnerability, refer to the appropriate IBM Security Bulletin for patch, upgrade, or suggested workaround information.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- collector/xforce-vulnerability
- alias/CVE-2022-47986
- vendor/ibm
- canonical/ibm aspera faspex
- version/ibm aspera faspex/4.4.2