IBM Aspera Faspex Deserialization Vulnerability

2023-02-2100:00:00

China National Vulnerability Database

www.cnvd.org.cn

ibm aspera

faspex

deserialization vulnerability

yaml flaw

arbitrary code execution

file transfer

streaming

ibm

international business machines

0.959 High

EPSS

Percentile

99.5%

JSON

IBM Aspera is an IBM FASP protocol-based fast file transfer and streaming solution from International Business Machines (IBM). IBM Aspera Faspex version 4.4.2 Patch Level 1 and prior versions contain a deserialization vulnerability that stems from a YAML deserialization flaw. An attacker could use this vulnerability to execute arbitrary code on the system.

IBM Aspera Faspex Deserialization Vulnerability

Related