
Multiple libXML2 vulnerabilities

Description

F5 Product Development has assigned ID 561663 (BIG-IP), ID 572608 (BIG-IQ), ID 572609 (Enterprise Manager), and INSTALLER-2127 (Traffix) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H61570943 on the **Diagnostics** > **Identified** > **Low** screen.

To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:

Product| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature
---|---|---|---|---
BIG-IP LTM| 11.0.0 - 11.6.0<br>10.1.0 - 10.2.4| 12.0.0 - 12.1.0| Low*| libXML2
BIG-IP AAM| 11.4.0 - 11.6.0| 12.0.0 - 12.1.0| Low*| libXML2
BIG-IP AFM| 11.3.0 - 11.6.0| 12.0.0 - 12.1.0| Low*| libXML2
BIG-IP Analytics| 11.0.0 - 11.6.0| 12.0.0 - 12.1.0| Low*| libXML2
BIG-IP APM| 11.0.0 - 11.6.0<br>10.1.0 - 10.2.4| 12.0.0 - 12.1.0| Low*| libXML2
BIG-IP ASM| 11.0.0 - 11.6.0<br>10.1.0 - 10.2.4| 12.0.0 - 12.1.0| Low*| libXML2
BIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None
BIG-IP Edge Gateway| 11.0.0 - 11.3.0<br>10.1.0 - 10.2.4| None| Low*| libXML2
BIG-IP GTM| 11.0.0 - 11.6.0<br>10.1.0 - 10.2.4| None| Low*| libXML2
BIG-IP Link Controller| 11.0.0 - 11.6.0<br>10.1.0 - 10.2.4| 12.0.0 - 12.1.0| Low*| libXML2
BIG-IP PEM| 11.3.0 - 11.6.0| 12.0.0 - 12.1.0| Low*| libXML2
BIG-IP PSM| 11.0.0 - 11.4.1<br>10.1.0 - 10.2.4| None| Low*| libXML2
BIG-IP WebAccelerator| 11.0.0 - 11.3.0<br>10.1.0 - 10.2.4| None| Low*| libXML2
BIG-IP WOM| 11.0.0 - 11.3.0<br>10.1.0 - 10.2.4| None| Low*| libXML2
ARX| None| 6.0.0 - 6.4.0| Not vulnerable| None
Enterprise Manager| 3.0.0 - 3.1.1| None| Medium| libXML2
FirePass| None| 7.0.0<br>6.0.0 - 6.1.0| Not vulnerable| None
BIG-IQ Cloud| 4.0.0 - 4.5.0| None| Medium| libXML2
BIG-IQ Device| 4.2.0 - 4.5.0| None| Medium| libXML2
BIG-IQ Security| 4.0.0 - 4.5.0| None| Medium| libXML2
BIG-IQ ADC| 4.5.0| None| Medium| libXML2
BIG-IQ Centralized Management| 5.0.0 - 5.1.0<br>4.6.0| 5.2.0| Medium| libXML2
BIG-IQ Cloud and Orchestration| 1.0.0| None| Medium| libXML2
LineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None
F5 WebSafe| None| 1.0.0| Not vulnerable| None
Traffix SDC| 4.0.0 - 4.4.0<br>3.3.2 - 3.5.1| None| Low| libXML2

\* Although BIG-IP software contains the vulnerable code, the BIG-IP system does not use the vulnerable code in any way.

If you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

To determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).

Mitigation

To mitigate this vulnerability for affected F5 products, you should permit management access to F5 products only over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP and Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 13.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).

* [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)
* [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)
* [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)
* [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)
* [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)

