Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Critical Vulnerability in IBM Aspera Faspex
Alerts

Active Exploitation of Critical Vulnerability in IBM Aspera Faspex

30 March 2023

There are reports of active exploitation of a critical vulnerability (CVE-2022-47986) in IBM Aspera Faspex. The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10.

The vulnerability is caused by a Yet Another Markup Language (YAML) deserialisation flaw. Successful exploitation of the vulnerability could allow a remote attacker to execute arbitrary code on the system.

The vulnerability affects IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier. 

Users and administrators of the affected product versions are advised to update to the latest version immediately.

More information is available here:
https://www.ibm.com/support/pages/node/6952319

Back to top