CVE-2023-27874
published 2023-03-21CVE-2023-27874: IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
ITW
Exploited in the wild
IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | aspera_faspex | <= 4.4.2 | — |
| ibm | aspera_faspex | — | — |