COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2022-47986

CVE-2022-47986

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2023-02-21
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-47986
⚡ RCE ⌖ exploited in the wild shame 95/100 ransomwarerceexploited-in-wild

IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw.

Players implicated

IBM · vendorAspera Faspex · product

Description

IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw.

Affected FedRAMP products 5 in the catalog

ProductProviderStatusMatch
IBM Cloud for Government IBM Authorized vendor-exact · 0.90
IBM Federal HR Cloud IBM Authorized vendor-exact · 0.90
IBM Maximo and TRIRIGA on Cloud for U.S. Federal IBM Authorized vendor-exact · 0.90
MaaS360 Enterprise Mobility Management IBM Authorized vendor-exact · 0.90
SmartCloud for Government IBM Authorized vendor-exact · 0.90