Unrated severityCISA KEVNVD Advisory· Published Feb 17, 2023· Updated Oct 21, 2025
IBM Aspera Faspex code execution
CVE-2022-47986
Description
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=4.4.2 Patch Level 1+ 1 more
- (no CPE)range: <=4.4.2 Patch Level 1
- (no CPE)range: 4.4.2 Patch Level 1 and earlier
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.