CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
46.2%
Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; and BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF11 and 11.3.0 allows remote authenticated users to upload files via uploadImage.php.
Vendor | Product | Version | CPE |
---|---|---|---|
f5 | big-ip_access_policy_manager | 11.0.0 | cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:* |
f5 | big-ip_access_policy_manager | 11.1.0 | cpe:2.3:a:f5:big-ip_access_policy_manager:11.1.0:*:*:*:*:*:*:* |
f5 | big-ip_access_policy_manager | 11.2.0 | cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.0:*:*:*:*:*:*:* |
f5 | big-ip_access_policy_manager | 11.2.1 | cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:* |
f5 | big-ip_access_policy_manager | 11.3.0 | cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:* |
f5 | big-ip_access_policy_manager | 11.4.0 | cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.0:*:*:*:*:*:*:* |
f5 | big-ip_access_policy_manager | 11.4.1 | cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.1:*:*:*:*:*:*:* |
f5 | big-ip_advanced_firewall_manager | 11.3.0 | cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:* |
f5 | big-ip_advanced_firewall_manager | 11.4.0 | cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.0:*:*:*:*:*:*:* |
f5 | big-ip_advanced_firewall_manager | 11.4.1 | cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.1:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
46.2%