IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/171772/IBM-Aspera-Faspex-4.4.1-YAML-Deserialization.html | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/243512 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/6952319 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2023-02-17T15:46:04.120Z
Updated: 2023-02-18T15:44:00.744Z
Reserved: 2022-12-28T17:49:58.383Z
Link: CVE-2022-47986
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-02-17T16:15:10.873
Modified: 2023-04-26T20:01:32.427
Link: CVE-2022-47986
JSON object: View
Redhat Information
No data.
CWE