2014-01-30 16:06:21 2017-08-29 03:31:47

Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

F5 Big-ip application security manager 11.0.0 (not an official CPE)
F5 Big-ip application security manager 11.2.0 (not an official CPE)
F5 Big-ip protocol security module 11.1.0 (not an official CPE)
F5 Big-ip local traffic manager 11.2.0 (not an official CPE)
F5 Big-ip link controller 11.2.0 (not an official CPE)
F5 Networks BIGIP Local Traffic Manager (LTM) 11.2.1
F5 Big-ip local traffic manager 11.0.0 (not an official CPE)
F5 Big-ip link controller 11.0.0 (not an official CPE)
F5 Big-IP Access Policy Manager (APM) 11.2.1
F5 Networks BIGIP Link Controller 11.2.1
F5 Big-IP Access Policy Manager (APM) 11.2.0
F5 Big-ip application security manager 11.0.0 Hf1 (not an official CPE)
F5 Big-ip analytics 11.1.0 (not an official CPE)
F5 Big-ip wan optimization manager 11.0.0 (not an official CPE)
F5 Big-ip edge gateway 11.1.0 (not an official CPE)
F5 Big-ip global traffic manager 11.1.0 (not an official CPE)
F5 Big-ip wan optimization manager 11.2.0 (not an official CPE)
F5 Networks BIGIP WAN Optimization Manager 11.2.1
F5 Big-ip webaccelerator 11.2.0 (not an official CPE)
F5 Big-ip webaccelerator 11.0.0 (not an official CPE)
F5 Networks BIGIP WebAccelerator 11.2.1
F5 Big-ip local traffic manager 11.1.0 Hf2 (not an official CPE)
F5 Big-ip global traffic manager 11.0.0 Hf1 (not an official CPE)
F5 Big-ip application security manager 11.1.0 (not an official CPE)
F5 Big-ip protocol security module 11.0.0 (not an official CPE)
F5 Networks BIGIP Protocol Security Module 11.2.1
F5 Big-ip protocol security module 11.2.0 (not an official CPE)
F5 Big-IP Access Policy Manager (APM) 11.1.0
F5 Big-ip local traffic manager 11.1.0 (not an official CPE)
F5 Big-ip link controller 11.1.0 (not an official CPE)
F5 Networks BIG-IP Application Security Manager 11.2.1
F5 Big-ip global traffic manager 11.1.0 Hf2 (not an official CPE)
F5 Big-ip local traffic manager 11.0.0 Hf1 (not an official CPE)
F5 BIG-IP IP Edge Gateway 11.2.1
F5 Big-ip edge gateway 11.2.0 (not an official CPE)
F5 Big-ip wan optimization manager 11.1.0 (not an official CPE)
F5 Networks BIGIP Analytics 11.2.1
F5 Big-ip analytics 11.2.0 (not an official CPE)
F5 BIG-IP IP Edge Gateway 11.0.0
F5 Networks BIGIP Global Traffic Manager 11.2.1
F5 Big-ip global traffic manager 11.0.0 (not an official CPE)
F5 Big-ip analytics 11.0.0 (not an official CPE)
F5 Big-ip global traffic manager 11.2.0 (not an official CPE)
F5 Big-ip application security manager 11.1.0 Hf2 (not an official CPE)
F5 Big-ip webaccelerator 11.1.0 (not an official CPE)