Sep 11, 2013 - 12:00 a.m.

K14154 : SQL injection vulnerability from an authenticated source CVE-2012-3000

2013-09-11 00:00:00
my.f5.com

AI Score: 6.6 Medium (Confidence: Low)

EPSS: 0.003 Low (Percentile: 68.0%)

Security Advisory Description

An SQL injection vulnerability exists in a BIG-IP component. This local vulnerability may allow an authenticated attacker to download arbitrary files from the file system.

Impact

An attacker may be able to exploit the vulnerability and retrieve arbitrary files or modify database contents.

F5 Product Development has assigned ID 400060 to this vulnerability. To find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:

Product| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature
---|---|---|---
BIG-IP LTM| 11.0.0 - 11.2.1| 9.4.6 - 9.4.8, 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0| APM WebGUI
BIG-IP GTM| 11.0.0 - 11.2.1| 9.4.6 - 9.4.8, 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0| APM WebGUI
BIG-IP ASM| 11.0.0 - 11.2.1| 9.4.6 - 9.4.8, 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0| APM WebGUI
BIG-IP Link Controller| 11.0.0 - 11.2.1| 9.4.6 - 9.4.8, 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0| APM WebGUI
BIG-IP WebAccelerator| 11.0.0 - 11.2.1| 9.4.6 - 9.4.8, 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0| AVR WebGUI
BIG-IP PSM| 11.0.0 - 11.2.1| 9.4.6 - 9.4.8, 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0| APM WebGUI
BIG-IP WOM| 11.0.0 - 11.2.1| 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0| AVR WebGUI
BIG-IP APM| 11.0.0 - 11.2.1| 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0| APM WebGUI
BIG-IP Edge Gateway| 11.0.0 - 11.2.1| 10.0.1 - 10.2.4, 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0| APM WebGUI
BIG-IP Analytics| 11.0.0 - 11.2.1| 11.2.0 HF3, 11.2.1 HF3, 11.3.0 - 11.4.0| APM WebGUI
BIG-IP AFM| None| 11.3.0 - 11.4.0| None
BIG-IP PEM| None| 11.3.0 - 11.4.0| None
BIG-IP AAM| None| 11.4.0| None
FirePass| None| 6.1.0, 7.0.0| None
Enterprise Manager| None| 1.x, 2.x, 3.x| None
ARX| None| 4.x, 5.x, 6.x| None

Security Advisory Recommended Actions

To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column.

Acknowledgements

F5 would like to acknowledge SEC Consult Vulnerability Lab for bringing this issue to our attention, and for following the highest standards of responsible disclosure.
