CVE-2023-27874

Summary

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.

Affected Software

VendorProductVersion RangeStatus
IBMAspera Faspex4.4.2affected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References