Share
## https://sploitus.com/exploit?id=SAINT:29ACC8DBEB181C0B0645161422DDD264
Added: 04/13/2023  


### Background

IBM Aspera Faspex is a centralized, high-speed transfer solution using the FASP protocol. 

### Problem

A YAML deserialization vulnerability allows remote attackers to execute arbitrary commands by sending a POST request for `**relay_package**` with specially crafted JSON content. 

### Resolution

Upgrade to Faspex 4.4.2 PL2 or higher. 

### References

https://www.ibm.com/support/pages/node/6952319   


### Limitations

Exploit works on Linux targets. 

### Platforms

Linux