IBM Aspera Faspex RCE (CVE-2022-47986)
Description
IBM Aspera Faspex versions prior to 4.4.2 PL2 contain a critical remote code execution vulnerability caused by insecure deserialization of YAML data. The application fails to properly validate serialized YAML input, allowing attackers to inject malicious payloads that execute arbitrary code when deserialized. This vulnerability requires no authentication and can be exploited remotely over the network.
Remediation
Apply the security patch immediately by upgrading IBM Aspera Faspex to version 4.4.2 PL2 or later. Follow these steps:
1. Review the IBM Security Bulletin at https://www.ibm.com/support/pages/node/6952319 for complete upgrade instructions and prerequisites
2. Schedule a maintenance window and back up all Faspex configurations and data before upgrading
3. Download IBM Aspera Faspex version 4.4.2 PL2 or later from the IBM support portal
4. Follow IBM's upgrade procedure to apply the patch to all affected instances
5. Verify the upgrade was successful by checking the version number in the application
6. Review system logs for any suspicious activity that may indicate prior exploitation
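To support step 5 across many instances, the following added example (not code from IBM or the security bulletin) compares the version string each Faspex instance reports against the fixed release, 4.4.2 PL2. It assumes versions are reported as "MAJOR.MINOR.PATCH PLn" (a missing "PLn" suffix is treated as patch level 0), and the inventory it runs over is constructed sample data.

```python
import re

# Fixed release named in the remediation above: 4.4.2 PL2.
FIXED_VERSION = "4.4.2 PL2"

# Assumed format "MAJOR.MINOR.PATCH[ PLn]"; the PL suffix is optional.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*PL\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Parse a Faspex version string into a comparable (major, minor, patch, pl) tuple.

    A missing patch level counts as PL0, so a bare "4.4.2" is still below "4.4.2 PL2".
    Raises ValueError on input that does not match the assumed format.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Faspex version string: {text!r}")
    major, minor, patch, pl = m.groups()
    # Numeric comparison so that PL10 ranks above PL2 (string comparison would not).
    return (int(major), int(minor), int(patch), int(pl or 0))


def is_vulnerable(version_text, fixed=FIXED_VERSION):
    """True when the reported version is older than the fixed release."""
    return parse_version(version_text) < parse_version(fixed)


def triage(inventory):
    """Sort a {hostname: version string} inventory into vulnerable/patched/unknown hosts.

    Unparseable versions go to "unknown" so they are reviewed rather than silently passed.
    """
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version_text in inventory.items():
        try:
            bucket = "vulnerable" if is_vulnerable(version_text) else "patched"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up for illustration.
    sample = {
        "faspex-01.example.test": "4.4.1 PL5",
        "faspex-02.example.test": "4.4.2",
        "faspex-03.example.test": "4.4.2 PL2",
        "faspex-04.example.test": "4.4.2 PL10",
        "faspex-05.example.test": "unknown build",
    }
    for bucket, hosts in triage(sample).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```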
If immediate patching is not possible, implement network-level controls to restrict access to the Faspex application to trusted IP addresses only until the patch can be applied.