CVE-2012-2997

2014-01-2118:55:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2012-2997

f5 big-ip

xxe vulnerability

xml external entity

nvd

6.2 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.015 Low

EPSS

Percentile

87.0%

JSON

XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.

CPENameOperatorVersion
f5:big-ip_configuration_utilityf5 big-ip configuration utilityeq10.2.4
f5:big-ip_configuration_utilityf5 big-ip configuration utilityeq10.0.0
f5:big-ip_configuration_utilityf5 big-ip configuration utilityeq11.2.1
f5:big-ip_configuration_utilityf5 big-ip configuration utilityeq11.0.0

CPE	Name	Operator	Version
f5:big-ip_configuration_utility	f5 big-ip configuration utility	eq	10.2.4
f5:big-ip_configuration_utility	f5 big-ip configuration utility	eq	10.0.0
f5:big-ip_configuration_utility	f5 big-ip configuration utility	eq	11.2.1
f5:big-ip_configuration_utility	f5 big-ip configuration utility	eq	11.0.0