Ransomware gangs are exploiting IBM Aspera Faspex RCE flaw (CVE-2022-47986)

Attackers are exploiting a critical vulnerability (CVE-2022-47986) in the IBM Aspera Faspex centralized file transfer solution to breach organizations. About CVE-2022-47986 IBM Aspera Faspex is used by organizations to allow employees to quickly and securely exchange files with each other. (The files are uploaded to and downloaded from a centralized Aspera transfer server.) CVE-2022-47986 is a YAML deserialization flaw that can be triggered by remote attackers sending a specially crafted obsolete API call. It affects … More →

The post …

api aspera aspera faspex attackers breach call critical critical vulnerability cve cve-2022-47986 deserialization don't miss employees enterprise exchange exploiting faspex file files file sharing file transfer flaw gangs greynoise hot stuff ibm organizations quickly ransomware ransomware gangs rapid7 rce sentinelone server shadowserver solution vulnerability yaml