K14138 : XML External Entity Injection (XXE) from authenticated source vulnerability CVE-2012-2997

Security Advisory Description

An XML External Entity Injection (XXE) vulnerability exists in a BIG-IP component. This vulnerability may allow a user who is logged in to the BIG-IP Configuration utility to download arbitrary files from the file system.
Impact
An attacker may be able to exploit the vulnerability and retrieve arbitrary files, perform Denial of Service attacks, execute system level commands, or compromise the password table.