IBM Aspera Faspex RCE (CVE-2022-47986)
Description
Invicti determined that the IBM Aspera Faspex is vulnerable to remote code execution due to insecure YAML deserialization. An attacker could exploit this vulnerability using specially-crafted serialized data to execute arbitrary code on the system or to perform a denial of service attack.
Remediation
Upgrade to the latest version of IBM Aspera Faspex