K21121741 : BIG-IP AFM SQL injection vulnerability CVE-2019-6658

2019-10-3100:00:00

my.f5.com

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Security Advisory Description

A vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. (CVE-2019-6658)

Impact

An attacker may be able to extract table name enumeration and user account names. All other data available through the injection is already available to an attacker through normal mechanisms.

CPENameOperatorVersion
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-ip afmeq11.5.10
big-ip afmeq11.5.2
big-ip afmeq11.5.3

Name	Operator	Version
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-ip afm	eq	11.5.10
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3

Rows per page:

1-10 of 3001