Lucene search

K
nvd[email protected]NVD:CVE-2022-29474
HistoryMay 05, 2022 - 5:15 p.m.

CVE-2022-29474

2022-05-0517:15:15
CWE-22
web.nvd.nist.gov
1
f5 big-ip
directory traversal
soap vulnerability

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

26.9%

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected configurations

NVD
Node
f5big-ip_access_policy_managerMatch11.6.1
OR
f5big-ip_access_policy_managerMatch11.6.2
OR
f5big-ip_access_policy_managerMatch11.6.3
OR
f5big-ip_access_policy_managerMatch11.6.4
OR
f5big-ip_access_policy_managerMatch11.6.5
OR
f5big-ip_access_policy_managerMatch12.1.0
OR
f5big-ip_access_policy_managerMatch12.1.1
OR
f5big-ip_access_policy_managerMatch12.1.2
OR
f5big-ip_access_policy_managerMatch12.1.3
OR
f5big-ip_access_policy_managerMatch12.1.4
OR
f5big-ip_access_policy_managerMatch12.1.5
OR
f5big-ip_access_policy_managerMatch12.1.6
OR
f5big-ip_access_policy_managerMatch13.1.0
OR
f5big-ip_access_policy_managerMatch13.1.1
OR
f5big-ip_access_policy_managerMatch13.1.3
OR
f5big-ip_access_policy_managerMatch13.1.4
OR
f5big-ip_access_policy_managerMatch13.1.5
OR
f5big-ip_access_policy_managerMatch14.1.0
OR
f5big-ip_access_policy_managerMatch14.1.2
OR
f5big-ip_access_policy_managerMatch14.1.3
OR
f5big-ip_access_policy_managerMatch14.1.4
OR
f5big-ip_access_policy_managerMatch15.1.0
OR
f5big-ip_access_policy_managerMatch15.1.1
OR
f5big-ip_access_policy_managerMatch15.1.2
OR
f5big-ip_access_policy_managerMatch15.1.3
OR
f5big-ip_access_policy_managerMatch15.1.4
OR
f5big-ip_access_policy_managerMatch15.1.5
OR
f5big-ip_access_policy_managerMatch16.1.0
OR
f5big-ip_access_policy_managerMatch16.1.1
OR
f5big-ip_access_policy_managerMatch16.1.2
OR
f5big-ip_access_policy_managerMatch17.0.0
OR
f5big-ip_advanced_firewall_managerMatch11.6.1
OR
f5big-ip_advanced_firewall_managerMatch11.6.2
OR
f5big-ip_advanced_firewall_managerMatch11.6.3
OR
f5big-ip_advanced_firewall_managerMatch11.6.4
OR
f5big-ip_advanced_firewall_managerMatch11.6.5
OR
f5big-ip_advanced_firewall_managerMatch12.1.0
OR
f5big-ip_advanced_firewall_managerMatch12.1.1
OR
f5big-ip_advanced_firewall_managerMatch12.1.2
OR
f5big-ip_advanced_firewall_managerMatch12.1.3
OR
f5big-ip_advanced_firewall_managerMatch12.1.4
OR
f5big-ip_advanced_firewall_managerMatch12.1.5
OR
f5big-ip_advanced_firewall_managerMatch12.1.6
OR
f5big-ip_advanced_firewall_managerMatch13.1.0
OR
f5big-ip_advanced_firewall_managerMatch13.1.1
OR
f5big-ip_advanced_firewall_managerMatch13.1.3
OR
f5big-ip_advanced_firewall_managerMatch13.1.4
OR
f5big-ip_advanced_firewall_managerMatch13.1.5
OR
f5big-ip_advanced_firewall_managerMatch14.1.0
OR
f5big-ip_advanced_firewall_managerMatch14.1.2
OR
f5big-ip_advanced_firewall_managerMatch14.1.3
OR
f5big-ip_advanced_firewall_managerMatch14.1.4
OR
f5big-ip_advanced_firewall_managerMatch15.1.0
OR
f5big-ip_advanced_firewall_managerMatch15.1.1
OR
f5big-ip_advanced_firewall_managerMatch15.1.2
OR
f5big-ip_advanced_firewall_managerMatch15.1.3
OR
f5big-ip_advanced_firewall_managerMatch15.1.4
OR
f5big-ip_advanced_firewall_managerMatch15.1.5
OR
f5big-ip_advanced_firewall_managerMatch16.1.0
OR
f5big-ip_advanced_firewall_managerMatch16.1.1
OR
f5big-ip_advanced_firewall_managerMatch16.1.2
OR
f5big-ip_advanced_firewall_managerMatch17.0.0
OR
f5big-ip_analyticsMatch11.6.1
OR
f5big-ip_analyticsMatch11.6.2
OR
f5big-ip_analyticsMatch11.6.3
OR
f5big-ip_analyticsMatch11.6.4
OR
f5big-ip_analyticsMatch11.6.5
OR
f5big-ip_analyticsMatch12.1.0
OR
f5big-ip_analyticsMatch12.1.1
OR
f5big-ip_analyticsMatch12.1.2
OR
f5big-ip_analyticsMatch12.1.3
OR
f5big-ip_analyticsMatch12.1.4
OR
f5big-ip_analyticsMatch12.1.5
OR
f5big-ip_analyticsMatch12.1.6
OR
f5big-ip_analyticsMatch13.1.0
OR
f5big-ip_analyticsMatch13.1.1
OR
f5big-ip_analyticsMatch13.1.3
OR
f5big-ip_analyticsMatch13.1.4
OR
f5big-ip_analyticsMatch13.1.5
OR
f5big-ip_analyticsMatch14.1.0
OR
f5big-ip_analyticsMatch14.1.2
OR
f5big-ip_analyticsMatch14.1.3
OR
f5big-ip_analyticsMatch14.1.4
OR
f5big-ip_analyticsMatch15.1.0
OR
f5big-ip_analyticsMatch15.1.1
OR
f5big-ip_analyticsMatch15.1.2
OR
f5big-ip_analyticsMatch15.1.3
OR
f5big-ip_analyticsMatch15.1.4
OR
f5big-ip_analyticsMatch15.1.5
OR
f5big-ip_analyticsMatch16.1.0
OR
f5big-ip_analyticsMatch16.1.1
OR
f5big-ip_analyticsMatch16.1.2
OR
f5big-ip_analyticsMatch17.0.0
OR
f5big-ip_application_acceleration_managerMatch11.6.1
OR
f5big-ip_application_acceleration_managerMatch11.6.2
OR
f5big-ip_application_acceleration_managerMatch11.6.3
OR
f5big-ip_application_acceleration_managerMatch11.6.4
OR
f5big-ip_application_acceleration_managerMatch11.6.5
OR
f5big-ip_application_acceleration_managerMatch12.1.0
OR
f5big-ip_application_acceleration_managerMatch12.1.1
OR
f5big-ip_application_acceleration_managerMatch12.1.2
OR
f5big-ip_application_acceleration_managerMatch12.1.3
OR
f5big-ip_application_acceleration_managerMatch12.1.4
OR
f5big-ip_application_acceleration_managerMatch12.1.5
OR
f5big-ip_application_acceleration_managerMatch12.1.6
OR
f5big-ip_application_acceleration_managerMatch13.1.0
OR
f5big-ip_application_acceleration_managerMatch13.1.1
OR
f5big-ip_application_acceleration_managerMatch13.1.3
OR
f5big-ip_application_acceleration_managerMatch13.1.4
OR
f5big-ip_application_acceleration_managerMatch13.1.5
OR
f5big-ip_application_acceleration_managerMatch14.1.0
OR
f5big-ip_application_acceleration_managerMatch14.1.2
OR
f5big-ip_application_acceleration_managerMatch14.1.3
OR
f5big-ip_application_acceleration_managerMatch14.1.4
OR
f5big-ip_application_acceleration_managerMatch15.1.0
OR
f5big-ip_application_acceleration_managerMatch15.1.1
OR
f5big-ip_application_acceleration_managerMatch15.1.2
OR
f5big-ip_application_acceleration_managerMatch15.1.3
OR
f5big-ip_application_acceleration_managerMatch15.1.4
OR
f5big-ip_application_acceleration_managerMatch15.1.5
OR
f5big-ip_application_acceleration_managerMatch16.1.0
OR
f5big-ip_application_acceleration_managerMatch16.1.1
OR
f5big-ip_application_acceleration_managerMatch16.1.2
OR
f5big-ip_application_acceleration_managerMatch17.0.0
OR
f5big-ip_application_security_managerMatch11.6.1
OR
f5big-ip_application_security_managerMatch11.6.2
OR
f5big-ip_application_security_managerMatch11.6.3
OR
f5big-ip_application_security_managerMatch11.6.4
OR
f5big-ip_application_security_managerMatch11.6.5
OR
f5big-ip_application_security_managerMatch12.1.0
OR
f5big-ip_application_security_managerMatch12.1.1
OR
f5big-ip_application_security_managerMatch12.1.2
OR
f5big-ip_application_security_managerMatch12.1.3
OR
f5big-ip_application_security_managerMatch12.1.4
OR
f5big-ip_application_security_managerMatch12.1.5
OR
f5big-ip_application_security_managerMatch12.1.6
OR
f5big-ip_application_security_managerMatch13.1.0
OR
f5big-ip_application_security_managerMatch13.1.1
OR
f5big-ip_application_security_managerMatch13.1.3
OR
f5big-ip_application_security_managerMatch13.1.4
OR
f5big-ip_application_security_managerMatch13.1.5
OR
f5big-ip_application_security_managerMatch14.1.0
OR
f5big-ip_application_security_managerMatch14.1.2
OR
f5big-ip_application_security_managerMatch14.1.3
OR
f5big-ip_application_security_managerMatch14.1.4
OR
f5big-ip_application_security_managerMatch15.1.0
OR
f5big-ip_application_security_managerMatch15.1.1
OR
f5big-ip_application_security_managerMatch15.1.2
OR
f5big-ip_application_security_managerMatch15.1.3
OR
f5big-ip_application_security_managerMatch15.1.4
OR
f5big-ip_application_security_managerMatch15.1.5
OR
f5big-ip_application_security_managerMatch16.1.0
OR
f5big-ip_application_security_managerMatch16.1.1
OR
f5big-ip_application_security_managerMatch16.1.2
OR
f5big-ip_application_security_managerMatch17.0.0
OR
f5big-ip_domain_name_systemMatch11.6.1
OR
f5big-ip_domain_name_systemMatch11.6.2
OR
f5big-ip_domain_name_systemMatch11.6.3
OR
f5big-ip_domain_name_systemMatch11.6.4
OR
f5big-ip_domain_name_systemMatch11.6.5
OR
f5big-ip_domain_name_systemMatch12.1.0
OR
f5big-ip_domain_name_systemMatch12.1.1
OR
f5big-ip_domain_name_systemMatch12.1.2
OR
f5big-ip_domain_name_systemMatch12.1.3
OR
f5big-ip_domain_name_systemMatch12.1.4
OR
f5big-ip_domain_name_systemMatch12.1.5
OR
f5big-ip_domain_name_systemMatch12.1.6
OR
f5big-ip_domain_name_systemMatch13.1.0
OR
f5big-ip_domain_name_systemMatch13.1.1
OR
f5big-ip_domain_name_systemMatch13.1.3
OR
f5big-ip_domain_name_systemMatch13.1.4
OR
f5big-ip_domain_name_systemMatch13.1.5
OR
f5big-ip_domain_name_systemMatch14.1.0
OR
f5big-ip_domain_name_systemMatch14.1.2
OR
f5big-ip_domain_name_systemMatch14.1.3
OR
f5big-ip_domain_name_systemMatch14.1.4
OR
f5big-ip_domain_name_systemMatch15.1.0
OR
f5big-ip_domain_name_systemMatch15.1.1
OR
f5big-ip_domain_name_systemMatch15.1.2
OR
f5big-ip_domain_name_systemMatch15.1.3
OR
f5big-ip_domain_name_systemMatch15.1.4
OR
f5big-ip_domain_name_systemMatch15.1.5
OR
f5big-ip_domain_name_systemMatch16.1.0
OR
f5big-ip_domain_name_systemMatch16.1.1
OR
f5big-ip_domain_name_systemMatch16.1.2
OR
f5big-ip_domain_name_systemMatch17.0.0
OR
f5big-ip_fraud_protection_serviceMatch11.6.1
OR
f5big-ip_fraud_protection_serviceMatch11.6.2
OR
f5big-ip_fraud_protection_serviceMatch11.6.3
OR
f5big-ip_fraud_protection_serviceMatch11.6.4
OR
f5big-ip_fraud_protection_serviceMatch11.6.5
OR
f5big-ip_fraud_protection_serviceMatch12.1.0
OR
f5big-ip_fraud_protection_serviceMatch12.1.1
OR
f5big-ip_fraud_protection_serviceMatch12.1.2
OR
f5big-ip_fraud_protection_serviceMatch12.1.3
OR
f5big-ip_fraud_protection_serviceMatch12.1.4
OR
f5big-ip_fraud_protection_serviceMatch12.1.5
OR
f5big-ip_fraud_protection_serviceMatch12.1.6
OR
f5big-ip_fraud_protection_serviceMatch13.1.0
OR
f5big-ip_fraud_protection_serviceMatch13.1.1
OR
f5big-ip_fraud_protection_serviceMatch13.1.3
OR
f5big-ip_fraud_protection_serviceMatch13.1.4
OR
f5big-ip_fraud_protection_serviceMatch13.1.5
OR
f5big-ip_fraud_protection_serviceMatch14.1.0
OR
f5big-ip_fraud_protection_serviceMatch14.1.2
OR
f5big-ip_fraud_protection_serviceMatch14.1.3
OR
f5big-ip_fraud_protection_serviceMatch14.1.4
OR
f5big-ip_fraud_protection_serviceMatch15.1.0
OR
f5big-ip_fraud_protection_serviceMatch15.1.1
OR
f5big-ip_fraud_protection_serviceMatch15.1.2
OR
f5big-ip_fraud_protection_serviceMatch15.1.3
OR
f5big-ip_fraud_protection_serviceMatch15.1.4
OR
f5big-ip_fraud_protection_serviceMatch15.1.5
OR
f5big-ip_fraud_protection_serviceMatch16.1.0
OR
f5big-ip_fraud_protection_serviceMatch16.1.1
OR
f5big-ip_fraud_protection_serviceMatch16.1.2
OR
f5big-ip_fraud_protection_serviceMatch17.0.0
OR
f5big-ip_global_traffic_managerMatch11.6.1
OR
f5big-ip_global_traffic_managerMatch11.6.2
OR
f5big-ip_global_traffic_managerMatch11.6.3
OR
f5big-ip_global_traffic_managerMatch11.6.4
OR
f5big-ip_global_traffic_managerMatch11.6.5
OR
f5big-ip_global_traffic_managerMatch12.1.0
OR
f5big-ip_global_traffic_managerMatch12.1.1
OR
f5big-ip_global_traffic_managerMatch12.1.2
OR
f5big-ip_global_traffic_managerMatch12.1.3
OR
f5big-ip_global_traffic_managerMatch12.1.4
OR
f5big-ip_global_traffic_managerMatch12.1.5
OR
f5big-ip_global_traffic_managerMatch12.1.6
OR
f5big-ip_global_traffic_managerMatch13.1.0
OR
f5big-ip_global_traffic_managerMatch13.1.1
OR
f5big-ip_global_traffic_managerMatch13.1.3
OR
f5big-ip_global_traffic_managerMatch13.1.4
OR
f5big-ip_global_traffic_managerMatch13.1.5
OR
f5big-ip_global_traffic_managerMatch14.1.0
OR
f5big-ip_global_traffic_managerMatch14.1.2
OR
f5big-ip_global_traffic_managerMatch14.1.3
OR
f5big-ip_global_traffic_managerMatch14.1.4
OR
f5big-ip_global_traffic_managerMatch15.1.0
OR
f5big-ip_global_traffic_managerMatch15.1.1
OR
f5big-ip_global_traffic_managerMatch15.1.2
OR
f5big-ip_global_traffic_managerMatch15.1.3
OR
f5big-ip_global_traffic_managerMatch15.1.4
OR
f5big-ip_global_traffic_managerMatch15.1.5
OR
f5big-ip_global_traffic_managerMatch16.1.0
OR
f5big-ip_global_traffic_managerMatch16.1.1
OR
f5big-ip_global_traffic_managerMatch16.1.2
OR
f5big-ip_global_traffic_managerMatch17.0.0
OR
f5big-ip_link_controllerMatch11.6.1
OR
f5big-ip_link_controllerMatch11.6.2
OR
f5big-ip_link_controllerMatch11.6.3
OR
f5big-ip_link_controllerMatch11.6.4
OR
f5big-ip_link_controllerMatch11.6.5
OR
f5big-ip_link_controllerMatch12.1.0
OR
f5big-ip_link_controllerMatch12.1.1
OR
f5big-ip_link_controllerMatch12.1.2
OR
f5big-ip_link_controllerMatch12.1.3
OR
f5big-ip_link_controllerMatch12.1.4
OR
f5big-ip_link_controllerMatch12.1.5
OR
f5big-ip_link_controllerMatch12.1.6
OR
f5big-ip_link_controllerMatch13.1.0
OR
f5big-ip_link_controllerMatch13.1.1
OR
f5big-ip_link_controllerMatch13.1.3
OR
f5big-ip_link_controllerMatch13.1.4
OR
f5big-ip_link_controllerMatch13.1.5
OR
f5big-ip_link_controllerMatch14.1.0
OR
f5big-ip_link_controllerMatch14.1.2
OR
f5big-ip_link_controllerMatch14.1.3
OR
f5big-ip_link_controllerMatch14.1.4
OR
f5big-ip_link_controllerMatch15.1.0
OR
f5big-ip_link_controllerMatch15.1.1
OR
f5big-ip_link_controllerMatch15.1.2
OR
f5big-ip_link_controllerMatch15.1.3
OR
f5big-ip_link_controllerMatch15.1.4
OR
f5big-ip_link_controllerMatch15.1.5
OR
f5big-ip_link_controllerMatch16.1.0
OR
f5big-ip_link_controllerMatch16.1.1
OR
f5big-ip_link_controllerMatch16.1.2
OR
f5big-ip_link_controllerMatch17.0.0
OR
f5big-ip_local_traffic_managerMatch11.6.1
OR
f5big-ip_local_traffic_managerMatch11.6.2
OR
f5big-ip_local_traffic_managerMatch11.6.3
OR
f5big-ip_local_traffic_managerMatch11.6.4
OR
f5big-ip_local_traffic_managerMatch11.6.5
OR
f5big-ip_local_traffic_managerMatch12.1.0
OR
f5big-ip_local_traffic_managerMatch12.1.1
OR
f5big-ip_local_traffic_managerMatch12.1.2
OR
f5big-ip_local_traffic_managerMatch12.1.3
OR
f5big-ip_local_traffic_managerMatch12.1.4
OR
f5big-ip_local_traffic_managerMatch12.1.5
OR
f5big-ip_local_traffic_managerMatch12.1.6
OR
f5big-ip_local_traffic_managerMatch13.1.0
OR
f5big-ip_local_traffic_managerMatch13.1.1
OR
f5big-ip_local_traffic_managerMatch13.1.3
OR
f5big-ip_local_traffic_managerMatch13.1.4
OR
f5big-ip_local_traffic_managerMatch13.1.5
OR
f5big-ip_local_traffic_managerMatch14.1.0
OR
f5big-ip_local_traffic_managerMatch14.1.2
OR
f5big-ip_local_traffic_managerMatch14.1.3
OR
f5big-ip_local_traffic_managerMatch14.1.4
OR
f5big-ip_local_traffic_managerMatch15.1.0
OR
f5big-ip_local_traffic_managerMatch15.1.1
OR
f5big-ip_local_traffic_managerMatch15.1.2
OR
f5big-ip_local_traffic_managerMatch15.1.3
OR
f5big-ip_local_traffic_managerMatch15.1.4
OR
f5big-ip_local_traffic_managerMatch15.1.5
OR
f5big-ip_local_traffic_managerMatch16.1.0
OR
f5big-ip_local_traffic_managerMatch16.1.1
OR
f5big-ip_local_traffic_managerMatch16.1.2
OR
f5big-ip_local_traffic_managerMatch17.0.0
OR
f5big-ip_policy_enforcement_managerMatch11.6.1
OR
f5big-ip_policy_enforcement_managerMatch11.6.2
OR
f5big-ip_policy_enforcement_managerMatch11.6.3
OR
f5big-ip_policy_enforcement_managerMatch11.6.4
OR
f5big-ip_policy_enforcement_managerMatch11.6.5
OR
f5big-ip_policy_enforcement_managerMatch12.1.0
OR
f5big-ip_policy_enforcement_managerMatch12.1.1
OR
f5big-ip_policy_enforcement_managerMatch12.1.2
OR
f5big-ip_policy_enforcement_managerMatch12.1.3
OR
f5big-ip_policy_enforcement_managerMatch12.1.4
OR
f5big-ip_policy_enforcement_managerMatch12.1.5
OR
f5big-ip_policy_enforcement_managerMatch12.1.6
OR
f5big-ip_policy_enforcement_managerMatch13.1.0
OR
f5big-ip_policy_enforcement_managerMatch13.1.1
OR
f5big-ip_policy_enforcement_managerMatch13.1.3
OR
f5big-ip_policy_enforcement_managerMatch13.1.4
OR
f5big-ip_policy_enforcement_managerMatch13.1.5
OR
f5big-ip_policy_enforcement_managerMatch14.1.0
OR
f5big-ip_policy_enforcement_managerMatch14.1.2
OR
f5big-ip_policy_enforcement_managerMatch14.1.3
OR
f5big-ip_policy_enforcement_managerMatch14.1.4
OR
f5big-ip_policy_enforcement_managerMatch15.1.0
OR
f5big-ip_policy_enforcement_managerMatch15.1.1
OR
f5big-ip_policy_enforcement_managerMatch15.1.2
OR
f5big-ip_policy_enforcement_managerMatch15.1.3
OR
f5big-ip_policy_enforcement_managerMatch15.1.4
OR
f5big-ip_policy_enforcement_managerMatch15.1.5
OR
f5big-ip_policy_enforcement_managerMatch16.1.0
OR
f5big-ip_policy_enforcement_managerMatch16.1.1
OR
f5big-ip_policy_enforcement_managerMatch16.1.2
OR
f5big-ip_policy_enforcement_managerMatch17.0.0

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

26.9%

Related for NVD:CVE-2022-29474