Vulnerabilities > IBM > Aspera Faspex > 4.4.2

DATE CVE VULNERABILITY TITLE RISK
2023-03-21 CVE-2023-27873 Unspecified vulnerability in IBM Aspera Faspex 4.4.1/4.4.2
IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input.
network
low complexity
ibm
6.5
6.5
2023-03-21 CVE-2023-27874 Unspecified vulnerability in IBM Aspera Faspex 4.4.1/4.4.2
IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data.
network
low complexity
ibm
8.8
8.8
2023-02-17 CVE-2022-47986 Unspecified vulnerability in IBM Aspera Faspex 4.4.1/4.4.2
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw.
network
low complexity
ibm
critical
 9.8
9.8