XML External Entity Injection (XXE) Vulnerability in IBM Aspera Faspex 4.4.2

XML External Entity Injection (XXE) Vulnerability in IBM Aspera Faspex 4.4.2

CVE-2023-27874 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.

Learn more about our External Network Penetration Testing.