logo
Vulnerability feed
Contributors
About
Blog
CONTRIBUTE

Vulnerability

warn

CVE-2022-47986

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2022-47986

Description:
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
Last updated date:
02/28/2023

Reports

alt

ACTIVELY EXPLOITED

Type:
exploitation
Confidence:
HIGH
Date of publishing:
02/15/2023
Reference url to background

https://www.securityweek.com/recently-patched-ibm-aspera-faspex-vulnerability-exploited-in-the-wild/?utm_source=dlvr.it&utm_medium=twitter

Type:
exploitation
Confidence:
HIGH
Date of publishing:
02/21/2023
Reference url to background

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:
exploit
Confidence:
HIGH
Date of publishing:
02/03/2023
Reference url to background

https://github.com/ohnonoyesyes/CVE-2022-47986

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2023

Privacy Policy