IBM Aspera Faspex through 4.4.2 Patch Level 1 is susceptible to remote code execution via a YAML deserialization flaw. This can allow an attacker to send a specially crafted obsolete API call and thereby execute arbitrary code, obtain sensitive data, and/or execute other unauthorized operations.
View the template here CVE-2022-47986.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-47986