SOL14410 - Multiple MySQL vulnerabilities

2013-05-1400:00:00

support.f5.com

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

0.014 Low

EPSS

Percentile

84.7%

JSON

Vulnerability Recommended Actions

To eliminate these vulnerabilities, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table.

For Enterprise Manager, if you are unable to upgrade to 3.1.0, you can mitigate the remote vulnerability by configuring the Statistics Data Location option to use the local database. To do so, perform the following procedure:

Impact of action: The Enterprise Manager system will no longer store health and performance monitoring statistics on an external database.

Log in to the Configuration utility.
Navigate to Statistics >Managed Devices.
Click Options.
Click Data Storage.
Change the Statistics Data Location option toLocal.
Click Save Changes.

Supplemental Information

SOL11317: Connectivity requirements for the Enterprise Manager system
SOL9970: Subscribing to email notifications regarding F5 products
SOL9957: Creating a custom RSS feed to view new and updated documents.
SOL4602: Overview of the F5 security vulnerability response policy
SOL4918: Overview of the F5 critical issue hotfix policy
SOL167: Downloading software and firmware from F5
SOL13123: Managing BIG-IP product hotfixes (11.x)
SOL9502: BIG-IP hotfix matrix

CPENameOperatorVersion
big-ip apmle11.2.1
enterprise managerle3.0.0
big-ip webacceleratorle9.4.8
big-ip psmle9.4.8
big-ip asmle9.4.8
big-ip edge gateway
le11.2.1
big-ip analyticsle11.2.1

Name	Operator	Version
big-ip apm	le	11.2.1
enterprise manager	le	3.0.0
big-ip webaccelerator	le	9.4.8
big-ip psm	le	9.4.8
big-ip asm	le	9.4.8
big-ip edge gateway	le	11.2.1
big-ip analytics	le	11.2.1