Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-47986 PoC — IBM Aspera Faspex 代码问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-47986.yaml
Associated Vulnerability
Title:IBM Aspera Faspex 代码问题漏洞 (CVE-2022-47986)
Description:IBM Aspera是美国国际商业机器(IBM)公司的一套基于IBM FASP协议构建的快速文件传输和流解决方案。 IBM Aspera Faspex 4.4.2 Patch Level 1版本及之前版本存在代码问题漏洞,该漏洞源于YAML反序列化缺陷。攻击者利用该漏洞在系统上执行任意代码。
Description
IBM Aspera Faspex through 4.4.2 Patch Level 1 is susceptible to remote code execution via a YAML deserialization flaw. This can allow an attacker to send a specially crafted obsolete API call and thereby execute arbitrary code, obtain sensitive data, and/or execute other unauthorized operations.
File Snapshot

 id: CVE-2022-47986

info:
  name: IBM Aspera Faspex <=4.4.2 PL1 - Remote Code Execution
  author: co

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.