VYPR
Unrated severityNVD Advisory· Published Mar 21, 2023· Updated Feb 26, 2025

IBM Aspera Faspex XML external entity injection

CVE-2023-27874

Description

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • IBM/Aspera Faspex 5llm-fuzzy2 versions
    = 4.4.2+ 1 more
    • (no CPE)range: = 4.4.2
    • (no CPE)range: 4.4.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.