Share
## https://sploitus.com/exploit?id=SAINT:29ACC8DBEB181C0B0645161422DDD264
Added: 04/13/2023  


### Background

[IBM Aspera Faspex](<https://www.ibm.com/docs/en/aspera-faspex/5.0?topic=welcome-faspex>) is a centralized, high-speed transfer solution using the FASP protocol. 

### Problem

A YAML deserialization vulnerability allows remote attackers to execute arbitrary commands by sending a POST request for `**relay_package**` with specially crafted JSON content. 

### Resolution

[Upgrade](<https://www.ibm.com/support/fixcentral/swg/selectFixes>) to Faspex 4.4.2 PL2 or higher. 

### References

<https://www.ibm.com/support/pages/node/6952319>  


### Limitations

Exploit works on Linux targets. 

### Platforms

Linux