Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IBM Aspera Faspex XML external entity injection
Vulnerability Description
IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
IBM Aspera 代码问题漏洞
Vulnerability Description
IBM Aspera是美国国际商业机器(IBM)公司的一套基于IBM FASP协议构建的快速文件传输和流解决方案。 IBM Aspera Faspex 4.4.2版本存在代码问题漏洞,该漏洞源于在处理XML数据时容易受到XML外部实体注入攻击。攻击者利用该漏洞可以执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A