CVE-2022-47986

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_faspex:4.4.2:-:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_faspex:4.4.2:patch_level_1:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-02-17 16:15

Updated : 2024-02-28 19:51


NVD link : CVE-2022-47986

Mitre link : CVE-2022-47986

CVE.ORG link : CVE-2022-47986


JSON object : View

Products Affected

linux

  • linux_kernel

ibm

  • aspera_faspex

microsoft

  • windows
CWE
CWE-502

Deserialization of Untrusted Data