Aspera Faspex Exploit, CVEID: CVE-2022-47986 DESCRIPTION: IBM


Aspera Faspex Exploit, CVEID: CVE-2022-47986 DESCRIPTION: IBM Aspera Faspex 4. Apr 14, 2025 · IBM has issued a security bulletin regarding a vulnerability in its Aspera Faspex 5 file transfer platform. Using the Vantage Aspera service within your Vantage workflows will enable the automated delivery of media and associated files directly to Aspera faspexServers. The vulnerability was discovered by Jan van der Put, Jasper Westerman, and Yanick de Pater of REQON B. The vulnerability was disclosed in December 2024 and affects the IBM Aspera Faspex software running on Linux platforms (IBM Advisory). Remote attackers could exploit a SQL query flaw to access sensitive user credentials. This vulnerability impacts IBM Aspera Faspex installations running on Linux platforms (IBM Advisory). IBM Aspera Faspex may be vulnerable to exposing data improperly (CVE-2022-22497) due to an incorrectly computed security token. 2 Patch Level 1 is susceptible to remote code execution via a YAML deserialization flaw. The flaw, designated as CVE-2025-3423, allows attackers to inject malicious JavaScript into the web interface, potentially compromising sensitive user data. and was publicly disclosed on September 5, 2024. Security Bulletin Summary IBM Aspera Faspex 5. One example is the transfer activity panel that allows a user to keep monitoring transfers as the user switches from one application to another. 10 On January 26, 2023, IBM published an advisory for multiple security issues affecting its Aspera Faspex software. Security Bulletin Summary IBM Aspera Faspex has addressed vulnerabilities related to denial-of-service, inefficient code execution under specific conditions, and unintended traffic routing. IBM Aspera Faspex 4. If you are using an earlier version of Faspex, upgrade to Faspex 4. Threat actors are actively exploiting security vulnerabilities in Zimbra, IBM Aspera Faspex, Cacti, and Realtek products. 
Attackers exploit this flaw by manipulating client-side requests to impersonate other users, gaining unauthorized access to sensitive data or performing privileged actions. 2 PL3. 1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of server-side security mechanisms. Respective vendors have Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. IBM Aspera Faspex 5 is vulnerable to DOM-based cross-site scripting. In this CISA KEV Breakdown, an IBM Aspera Faspex deserialization RCE vulnerability, as well as two Mitel MiVoice Connect injection vulnerabilities were added to the KEV list. Attackers could use this vulnerability to trick users into opening malicious URLs, allowing client-side scripts to process and execute at the user's browser. 1 contains a vulnerability that could allow a privileged user to cause a denial of service condition. 2 Patch Level 1 and earlier versions. 8 has addressed multiple encryption vulnerabilities (CVE-2023-22869, CVE-2023-37396, CVE-2023-27279, CVE-2023-37395, CVE-2023-37397, CVE-2022-40745) Vantage interfaces with Aspera faspex via an optional Vantage Aspera faspex service connector (Vantage Aspera service) and associated Vantage Aspera workflow action. 12. Ransomware groups are still exploiting a vulnerability in unpatched versions of Aspera Faspex almost four months after IBM issued a patch. A list of fixed issues and new features from previous releases is also included. 2 PL1 and earlier due to a YAML deserialization flaw that allowed remote code execution. 2. 12 allows authenticated users to bypass server-side security checks due to improper client-side enforcement. The most critical of these was CVE-2022-47986, which is a pre-authentication YAML deserialization vulnerability in Ruby on Rails code. - GobyVuls/GobyVuls-Document. 
Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5. For upgrade instructions, refer to the Upgrading Faspex section in the Faspex 4. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. 14. 10 A high speed IBM file transfer platform, Aspera Faspex, is being actively attacked by hackers who are exploiting a pre-auth RCE vulnerability An authenticated attacker could exploit this vulnerability by embedding arbitrary JavaScript code into the Web UI. (CVE-2022-47986) IBM Aspera Faspex versions 5. IBM Aspera Faspex versions 5. This vulnerability is documented as CVE-2022-40745. 11 is vulnerable to cross-site scripting. 19 contains, system requirements, and known issues. A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks. In early winter 2023, IBM released an advisory patching a set of security issues impacting the Aspera Faspex app. IBM Aspera Faspex versions 5. 0 up to and including 5. An authenticated attacker could exploit this vulnerability by embedding arbitrary JavaScript code into the Web UI, potentially leading to the disclosure of sensitive credentials within a Apr 14, 2025 · A significant security vulnerability has been identified in IBM Aspera Faspex 5, a popular file exchange solution. 4. 0. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data. With a web-based graphical user interface, faspex allows more advanced management options for fasp high-speed transfer to match your organization's workflow. Introduction Aspera faspex is a file exchange application built upon Aspera Enterprise Server as a centralized transfer solution. A vulnerability categorized as problematic has been discovered in IBM Aspera Faspex up to 5. 
IBM Aspera Faspex is a file-exchange application which enables organizations to move large files and data sets. IBM Aspera Faspex 5. Download the patch here. This Security Bulletin addresses security vulnerabilities that have been remediated (CVE-2023-27871, CVE-2023-27873) and mitigated (CVE-2023-27874) in IBM Aspera Faspex 4. CVE-2023-24965: IBM Aspera Faspex vulnerability analysis and mitigation Overview IBM Aspera Faspex 5. Contribute to f0ur0four/Insecure-Deserialization development by creating an account on GitHub. It is advisable to upgrade the affected component. A vulnerability has been discovered in IBM Aspera Faspex, which could allow for Arbitrary Code Execution. The vulnerability was discovered by Max Garrett from Assetnote and disclosed to IBM in October 2022. CVE-2025-33137 in IBM Aspera Faspex 5. CVE-2025-36039 : IBM Aspera Faspex 5. IBM Aspera Faspex High-Speed File Transfer Has a Killer Bug With a CVSS score of 9. 8 and active exploits using the IceFire ransomware, this is a "Patch It, Now!" bug. 0 through 5. 7 contains a security vulnerability (CVE-2023-37395) that could allow a local user to obtain sensitive information due to improper encryption of certain data. 2 that is vulnerable to an XML External Entity Injection attack while processing XML Data. Jul 31, 2025 · CVE-2025-36039 : IBM Aspera Faspex 5. Summary: CVE-2022-47986 affects IBM Aspera Faspex 4. 1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever sid IBM Aspera Faspex promises security to end users by offering encryption options for the files being uploaded through its application. This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Faspex 5. Security Bulletin: IBM Aspera Faspex is vulnerable to multiple encryption vulnerabilities. IceFire ransomware is targeting Linux servers by exploiting a known vulnerability in IBM Aspera Faspex, according to new research by SentinelOne. 
CVE-2022-47986: IBM Aspera Faspex vulnerability analysis and mitigation Overview CVE-2022-47986 is a critical pre-authentication YAML deserialization vulnerability affecting IBM Aspera Faspex 4. ruby yaml exploit python3 deserialization nmap poc rce vulnerability aspera ibm metasploit faspex cve-2022-47986 Updated on Mar 9, 2023 Ruby This security bulletin addresses multiple security vulnerabilities that have been remediated in IBM Aspera Faspex 4. CVE-2022-46169 relates to a critical authentication bypass and command injection flaw in Cacti servers that allows an unauthenticated user to execute 5. md at master · gobysec/GobyVuls IBM Aspera Faspex versions 5. Dear reader, if you are reading this, it means you once crossed paths with us in the vast sea of the internet. Thank you. RSMedia was born in the autumn of 2024. We set out with a simple belief: in an age of information overload, people still deserve a trustworthy news source that differs from the mainstream. Then the times changed. In 2025, the era of generative AI arrived, and our little boat had not yet had time to IBM Aspera is a suite of data transfer software for moving amounts of data quickly and securely, regardless of network conditions. 4 Admin guide. Learn about CVE-2023-27871 affecting IBM Aspera Faspex 4. Description I propose pure python and ruby scripts, metasploit and nmap modules to exploit the vulnerability that causes a RCE (Remote Code Execution) on IBM Aspera Faspex from YAML deserialization. 1 could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. Another example DESCRIPTION: IBM Aspera Faspex 5 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse. faspex provides the following CVE-2023-27874 – IBM Aspera Faspex XXE Injection Similarly, we’ve observed another vulnerability in the IBM Aspera Faspex 4. The vulnerability was discovered and disclosed on July 30, 2025, affecting the client-side enforcement of server-side security mechanisms. 1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever sid Overview IBM Aspera Faspex versions 5. 13. 
12 is vulnerable to HTML injection, identified as CVE-2025-33138. 0 to 5. The vulnerability is triggered by a specially crafted obsolete API call; the obsolete call was removed in Patch Level 3 Important: To install this patch level 3 you must be on Faspex 4. 9 contains a security vulnerability identified as CVE-2024-45097. Vulnerabilities of Goby supported with exploitation. The most notorious one on the list is CVE-2022-47986, a pre-authentication YAML deserialization vulnerability stemming from Ruby on Rails code. Attackers are exploiting a critical vulnerability (CVE-2022-47986) in the IBM Aspera Faspex file transfer solution to breach organizations. 1 contains a security vulnerability identified as CVE-2025-36039. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. The 3rd party vulnerabilities are for very specific use cases that are not necessarily exposed through Faspex. 2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. This release for IBM Aspera Cargo 4. User-uploaded files and folders are sent to, stored on, and downloaded from nodes (also known as Aspera transfer servers). IBM Aspera for desktop is replacing IBM Aspera Connect A brand-new desktop transfer application that transforms how you FASP your files — faster, smarter, and simpler than ever. - IBM Aspera Faspex 4. 7. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the affected service IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw. 2 Uninstall faspex 1. This security model is broken through the pre-authentication RCE vulnerability we discovered, that allowed us to execute arbitrary commands on the Aspera Faspex server. Resources to learn about Insecure Deserialization. 
The vulnerability was disclosed on October 9, 2025, and is tracked as CVE-2025-36171. CVE-2025-36040 IBM Aspera Faspex 5. In a blog post Thursday, Alex Delamotte, senior threat researcher at SentinelOne, detailed the recent threat against enterprises that SentinelLabs observed beginning in mid-February. 1 Fixed issue Aspera/faspex-core#5246 - Faspex sends duplicated notifications to all the recipients of a Shared Inbox when the following conditions are defined: Faspex is a centralized transfer solution that enables users to exchange files with each other using an email-like workflow. 11. " IBM Aspera Faspex through 4. Aspera/faspex-core#4720 - After upgrading to Faspex 5, users cannot view packages created in Faspex 4 if the package has notifiable fields with only one user, and that user has an integer as their username. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. Identified as CVE-2025-3423, this flaw exposes users to DOM-based cross-site scripting (XSS) attacks. Mitigate the risk with security patches. The vulnerability was discovered and disclosed on May 22, 2025. Faspex 5 has a completely new web user interface created with the IBM Carbon Design framework (and dark mode is available). The Faspex 5 web interface is a single-page reactive application, allowing streamlined, new user experiences. V. IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw. 5 contains a security vulnerability (CVE-2023-24965) where the application does not restrict or incorrectly restricts access to a resource from an unauthorized actor (IBM Support).