CVE-2022-47986

This PoC exploits CVE-2022-47986, a pre-authentication RCE vulnerability in Aspera Faspex. It leverages YAML deserialization to execute arbitrary commands via a crafted payload sent to the `/aspera/faspex/package_relay/relay_package` endpoint.

This repository contains a proof-of-concept exploit for CVE-2022-47986, which leverages YAML deserialization to achieve remote code execution (RCE) in IBM Aspera Faspex versions before 4.4.2. The exploit uses crafted YAML payloads to trigger arbitrary command execution via Ruby's `Kernel.eval` method.

The repository contains only a README.md file with the CVE identifier and no exploit code or technical details. It appears to be a placeholder or incomplete submission.

The repository contains a functional exploit for CVE-2022-47986, targeting an IBM WebSphere vulnerability. The code includes AJP protocol manipulation for remote code execution (RCE) and is accompanied by weaponized scripts for automation.

The repository contains a functional exploit for CVE-2022-47986, a pre-authentication remote code execution vulnerability in Aspera Faspex. The exploit leverages YAML deserialization to achieve arbitrary command execution via a crafted payload sent to the `/aspera/faspex/package_relay/relay_package` endpoint.

This exploit leverages YAML deserialization in IBM Aspera Faspex to achieve remote code execution (RCE) by sending a crafted POST request with malicious YAML payload. The payload uses Ruby object deserialization to execute arbitrary commands via the `Kernel.eval` method.