VYPR
Unrated severityCISA KEVNVD Advisory· Published Feb 17, 2023· Updated Oct 21, 2025

IBM Aspera Faspex code execution

CVE-2022-47986

Description

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • IBM/Aspera Faspex 5llm-fuzzy2 versions
    <=4.4.2 Patch Level 1+ 1 more
    • (no CPE)range: <=4.4.2 Patch Level 1
    • (no CPE)range: 4.4.2 Patch Level 1 and earlier

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.