CVE-2014-6032

Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements.

CVSS v2.0 5.5 MEDIUM

5.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:P

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.com/files/128915/F5-Big-IP-11.3.0.39.0-XML-External-Entity-Injection-1.html	Exploit
http://seclists.org/fulldisclosure/2014/Oct/128
http://seclists.org/fulldisclosure/2014/Oct/129
http://seclists.org/fulldisclosure/2014/Oct/130
http://www.securityfocus.com/bid/70834	Exploit
http://www.securitytracker.com/id/1031144
http://www.securitytracker.com/id/1031145
https://exchange.xforce.ibmcloud.com/vulnerabilities/98402
https://exchange.xforce.ibmcloud.com/vulnerabilities/98403
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html	Vendor Advisory
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6032/
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6033/
http://packetstormsecurity.com/files/128915/F5-Big-IP-11.3.0.39.0-XML-External-Entity-Injection-1.html	Exploit
http://seclists.org/fulldisclosure/2014/Oct/128
http://seclists.org/fulldisclosure/2014/Oct/129
http://seclists.org/fulldisclosure/2014/Oct/130
http://www.securityfocus.com/bid/70834	Exploit
http://www.securitytracker.com/id/1031144
http://www.securitytracker.com/id/1031145
https://exchange.xforce.ibmcloud.com/vulnerabilities/98402
https://exchange.xforce.ibmcloud.com/vulnerabilities/98403
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html	Vendor Advisory
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6032/
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6033/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f5:big-ip_protocol_security_module:10.0.0:::::::*
	cpe:2.3:a:f5:big-ip_protocol_security_module:10.1.0:::::::*
	cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.0:::::::*
	cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.1:::::::*
	cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.2:::::::*
	cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.3:::::::*
	cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.4:::::::*
	cpe:2.3:a:f5:big-ip_protocol_security_module:11.0.0:::::::*
	cpe:2.3:a:f5:big-ip_protocol_security_module:11.1.0:::::::*
	cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.0:::::::*
	cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_protocol_security_module:11.3.0:::::::*
	cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:f5:big-ip_global_traffic_manager:10.0.0:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:10.1.0:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.0:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.1:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.2:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.3:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.4:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.0.0:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.1.0:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.0:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.3.0:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.0.0:::::::*
	cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.1.0:::::::*
	cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.0:::::::*
	cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.1:::::::*
	cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.2:::::::*
	cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.3:::::::*
	cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.4:::::::*
	cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.0.0:::::::*
	cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.1.0:::::::*
	cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.0:::::::*
	cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.3.0:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:::::::*

Configuration 6 (hide)

OR	cpe:2.3:a:f5:big-ip_application_security_manager:10.0.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:10.1.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:10.2.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:10.2.1:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:10.2.2:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:10.2.3:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:10.2.4:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.0.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.1.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.2.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.3.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:::::::*

Configuration 7 (hide)

OR	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:::::::*

Configuration 8 (hide)

OR	cpe:2.3:a:f5:big-ip_webaccelerator:10.0.0:::::::*
	cpe:2.3:a:f5:big-ip_webaccelerator:10.1.0:::::::*
	cpe:2.3:a:f5:big-ip_webaccelerator:10.2.0:::::::*
	cpe:2.3:a:f5:big-ip_webaccelerator:10.2.1:::::::*
	cpe:2.3:a:f5:big-ip_webaccelerator:10.2.2:::::::*
	cpe:2.3:a:f5:big-ip_webaccelerator:10.2.3:::::::*
	cpe:2.3:a:f5:big-ip_webaccelerator:10.2.4:::::::*
	cpe:2.3:a:f5:big-ip_webaccelerator:11.0.0:::::::*
	cpe:2.3:a:f5:big-ip_webaccelerator:11.1.0:::::::*
	cpe:2.3:a:f5:big-ip_webaccelerator:11.2.0:::::::*
	cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_webaccelerator:11.3.0:::::::*

Configuration 9 (hide)

OR	cpe:2.3:a:f5:big-ip_analytics:11.0.0:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.1.0:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.2.0:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.3.0:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.6.0:::::::*

Configuration 10 (hide)

OR	cpe:2.3:a:f5:big-ip_link_controller:10.0.0:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:10.1.0:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:10.2.0:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:10.2.1:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:10.2.2:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:10.2.3:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:10.2.4:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.0.0:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.1.0:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.2.0:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.3.0:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.6.0:::::::*

Configuration 11 (hide)

OR	cpe:2.3:a:f5:big-ip_application_security_manager:10.0.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:10.1.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:10.2.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:10.2.1:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:10.2.2:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:10.2.3:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:10.2.4:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.0.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.1.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.2.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.3.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:::::::*

Configuration 12 (hide)

OR	cpe:2.3:a:f5:enterprise_manager:3.0.0:::::::*
	cpe:2.3:a:f5:enterprise_manager:3.1.0:::::::*
	cpe:2.3:a:f5:enterprise_manager:3.1.1:::::::*
	cpe:2.3:h:f5:enterprise_manager:2.1.0:::::::*
	cpe:2.3:h:f5:enterprise_manager:2.2.0:::::::*
	cpe:2.3:h:f5:enterprise_manager:2.3.0:::::::*

Configuration 13 (hide)

OR	cpe:2.3:a:f5:big-ip_local_traffic_manager:10.0.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:10.1.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.1:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.2:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.3:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.4:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.0.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.1.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.3.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:::::::*

Configuration 14 (hide)

OR	cpe:2.3:a:f5:big-ip_edge_gateway:10.1.0:::::::*
	cpe:2.3:a:f5:big-ip_edge_gateway:10.2.0:::::::*
	cpe:2.3:a:f5:big-ip_edge_gateway:10.2.1:::::::*
	cpe:2.3:a:f5:big-ip_edge_gateway:10.2.2:::::::*
	cpe:2.3:a:f5:big-ip_edge_gateway:10.2.3:::::::*
	cpe:2.3:a:f5:big-ip_edge_gateway:10.2.4:::::::*
	cpe:2.3:a:f5:big-ip_edge_gateway:11.0.0:::::::*
	cpe:2.3:a:f5:big-ip_edge_gateway:11.1.0:::::::*
	cpe:2.3:a:f5:big-ip_edge_gateway:11.2.0:::::::*
	cpe:2.3:a:f5:big-ip_edge_gateway:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_edge_gateway:11.3.0:::::::*

History

21 Nov 2024, 02:13

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.com/files/128915/F5-Big-IP-11.3.0.39.0-XML-External-Entity-Injection-1.html - Exploit~~	() http://packetstormsecurity.com/files/128915/F5-Big-IP-11.3.0.39.0-XML-External-Entity-Injection-1.html - Exploit
References	~~() http://seclists.org/fulldisclosure/2014/Oct/128 -~~	() http://seclists.org/fulldisclosure/2014/Oct/128 -
References	~~() http://seclists.org/fulldisclosure/2014/Oct/129 -~~	() http://seclists.org/fulldisclosure/2014/Oct/129 -
References	~~() http://seclists.org/fulldisclosure/2014/Oct/130 -~~	() http://seclists.org/fulldisclosure/2014/Oct/130 -
References	~~() http://www.securityfocus.com/bid/70834 - Exploit~~	() http://www.securityfocus.com/bid/70834 - Exploit
References	~~() http://www.securitytracker.com/id/1031144 -~~	() http://www.securitytracker.com/id/1031144 -
References	~~() http://www.securitytracker.com/id/1031145 -~~	() http://www.securitytracker.com/id/1031145 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/98402 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/98402 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/98403 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/98403 -
References	~~() https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html - Vendor Advisory~~	() https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html - Vendor Advisory
References	~~() https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6032/ -~~	() https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6032/ -
References	~~() https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6033/ -~~	() https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6033/ -

Information

Published : 2014-11-01 23:55

Updated : 2024-11-21 02:13

NVD link : CVE-2014-6032

Mitre link : CVE-2014-6032

CVE.ORG link : CVE-2014-6032

JSON object : View

Products Affected

big-ip_advanced_firewall_manager
big-ip_analytics
big-ip_application_acceleration_manager
big-ip_link_controller
big-ip_wan_optimization_manager
big-ip_global_traffic_manager
big-ip_application_security_manager
enterprise_manager
big-ip_local_traffic_manager
big-ip_webaccelerator
big-ip_protocol_security_module
big-ip_policy_enforcement_manager
big-ip_edge_gateway

CWE

NVD-CWE-Other

{"id": "CVE-2014-6032", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-11-01T23:55:09.587", "references": [{"url": "http://packetstormsecurity.com/files/128915/F5-Big-IP-11.3.0.39.0-XML-External-Entity-Injection-1.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2014/Oct/128", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2014/Oct/129", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2014/Oct/130", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/70834", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1031144", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1031145", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98402", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98403", "source": "cve@mitre.org"}, {"url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6032/", "source": "cve@mitre.org"}, {"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6033/", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/128915/F5-Big-IP-11.3.0.39.0-XML-External-Entity-Injection-1.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2014/Oct/128", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2014/Oct/129", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2014/Oct/130", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/70834", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1031144", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1031145", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98402", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98403", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6032/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6033/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades XXE en la utilidad Configuration en F5 BIG-IP LTM, ASM, GTM y Link Controller 11.0 hasta la versi\u00f3n 11.6.0 and 10.0.0 hasta la versi\u00f3n 10.2.4, AAM 11.4.0 hasta la versi\u00f3n 11.6.0, ARM 11.3.0 hasta la versi\u00f3n 11.6.0, Analytics 11.0.0 hasta la versi\u00f3n 11.6.0, APM y Edge Gateway 11.0.0 hasta la versi\u00f3n 11.6.0 and 10.1.0 hasta la versi\u00f3n 10.2.4, PEM 11.3.0 hasta la versi\u00f3n 11.6.0, PSM 11.0.0 hasta la versi\u00f3n 11.4.1 y 10.0.0 hasta la versi\u00f3n 10.2.4 y WOM 11.0.0 hasta la versi\u00f3n 11.3.0 y 10.0.0 hasta la versi\u00f3n 10.2.4 y Enterprise Manager 3.0.0 hasta la versi\u00f3n 3.1.1 y 2.1.0 hasta la versi\u00f3n 2.3.0 permiten a usuarios remotos autenticados leer archivos arbitrarios y causar una denegaci\u00f3n de servicio a trav\u00e9s de una petici\u00f3n manipulada, seg\u00fan lo demostrado usando elementos (1) viewlist o (2) deal."}], "lastModified": "2024-11-21T02:13:37.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2691943C-1FD1-43EE-B070-E35710E426ED"}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "288EB1AC-9DE3-4FE2-AE4D-006A49199877"}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1405D7AE-D14C-40F6-9144-EF2F18A6EBC1"}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E807E667-0597-4F14-902A-B922C94F572C"}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02614B4F-0E90-456E-B7ED-387A3007FB45"}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F482624A-BE79-4A87-B676-DBB57369D31C"}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77888947-80CB-46B3-910E-DCCFDF6B3D47"}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3251DB7F-0436-48D5-AF7B-F812237DB926"}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8600FF27-4407-4755-A1E3-5648D9ACCB1C"}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3A84AF1-A18E-4AFD-B85E-49CE46A548D8"}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA54B88F-4A16-4F40-8A3B-B107F0CA2334"}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17C28542-51A4-4464-ADF9-C6376F829F4A"}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "584853F9-644F-40B2-A28F-1CE9B51F84F6"}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFE665CF-A633-474E-9519-D20E3D3958CF"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16ACB60E-B9E9-402A-BE42-DF5C892C2257"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6363B0D-AC1F-4AF5-BC02-19F77A85F3AC"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80B80111-6F28-4E7F-B9DE-27825866A138"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A8D0587-ED89-4CDB-960D-37FBD522B146"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B77088CC-8C8C-4D6E-9770-634A5BF62A3D"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D19442F-065D-4CBE-87EA-697CECD6A47C"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5445A56C-8D69-484B-8EC4-1F45B4490CC2"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AA7DCB7-D01E-492A-A810-01B15F03A783"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7F8D9A5-0C91-4458-8554-13947FD8B116"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B171AA24-6500-43D8-9167-BA9BA57682E5"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84452450-77FA-4708-9C86-5464D541C8ED"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A49B1D82-3EC2-4E20-8FF5-58248905E964"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E4CC3E0-F9B8-433F-A2B0-2306144F9B6A"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8993275-E17E-4A69-8D95-A8229E0E88D6"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0594DBC5-8470-416C-A5EA-E04F5AB2C799"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B50BF19F-71B4-47C0-A96E-6EB90FCC6AE7"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7D7863D-B064-4D7A-A66B-C3D3523425FD"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CA52816-C4B7-4B1E-A950-EE9B571CB06B"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2AA5127-5314-4026-905D-937B7B62473F"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09E42DAA-700D-487C-9238-F7F3D75A8C1A"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B6EA0C0-9C26-4A87-98F1-5B317D606ECB"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D379372-A226-4230-B1F3-04C696518BD8"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB8D3B87-B8F5-490A-B1D9-04F2EE93EEA3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB441DC5-813E-4E59-87B8-15731291B135"}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "126AD92E-6816-42C0-8801-A81B59C11A56"}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "890F363A-FC4F-4F52-BBFF-E959F65043A6"}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CE899AF-EA61-4B9D-9523-BF436614CE21"}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5BA7D7A-02C8-411A-AFBF-D523E57A66C0"}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0018A0C0-AFB3-4654-9504-78A2742C6EE0"}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A1ACF2F-3C0E-42E1-A1D2-6D682B2E32C5"}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C14D0DD3-E6A9-43C8-85D7-6DBB16E30DD5"}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B59396A-EAFF-41D4-874F-4CA91D901807"}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C9C14C5-B23C-4CE3-8FF0-52741CBB602E"}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FBA20ED-08F5-4C35-991A-0DBC6BEAECC7"}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D94751C-A340-4DE7-821A-5143FA0011E4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "974C5213-99F7-4E8A-AC6A-8759697F19C4"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E288D50B-7EFA-4FC8-938B-EE3765FFA24D"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E3D8A24-0B8D-432B-8F06-D0E1642E7C1C"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4489382-0668-4CFB-BA89-D54762937CEE"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5B40837-EC2B-41FB-ACC3-806054EAF28C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65D810F8-6062-4901-9832-226F80287C8F"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6C19BDD-1286-48C7-8E7D-66C100D02319"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B4653A4-833F-4381-86E9-452F19A53868"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFCB7C80-DDA6-421C-92E8-E6E56E414E81"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "494085EA-7445-4592-8795-DCC035BDDC52"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAD4E5E9-5289-4E84-A922-97364D8EB6EE"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "479AFDC6-CE0E-4AAC-8DA9-26ADCD96E8DA"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "094BD2B6-E269-4647-A77C-B584805B6203"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45C31572-6C40-4621-AB57-6768DE0D59A3"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4617DC7B-07BA-4805-9789-CFDBA8535214"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A635FEC4-4F52-4971-A67D-47E68108E4F4"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC69B41E-C22D-48D2-8609-60C018F1F48D"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "270EEBF6-46FA-48FC-BEC9-9C0838A86BB4"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93310708-E1FE-445A-BB1F-7D1F553AEC65"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AD2C1D2-103E-4B0F-84AA-999F01E695F0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "855E91A4-0A0C-4E5C-8019-FB513A793803"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "475F0EF8-42CB-4099-9C4A-390F946C4924"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7507BDFF-5B52-4A06-9F8C-2B6F3958162A"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E0141FA-44E9-460E-B175-29A7FA251301"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DD27EF7-3329-4009-959F-D2E4D5935E57"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3755740D-F1DC-4910-ADDD-9D491515201C"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA244A7D-F65D-4114-81C8-CE811959EA10"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B276E4DF-69FC-4158-B93A-781A45605034"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E951823B-9791-48C7-A804-18FEBEC31279"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78F1A903-4AF5-4FE6-92B0-9F0B64723804"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "383966C0-2FDD-4755-BA16-EE73D4577DFD"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AD7519A-2F81-42CB-A18A-0BA9DB0F90D0"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F16F5CB9-3A92-4A96-BC24-993FCF3DC13F"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2748B48B-3E2A-4837-981E-5049CF627CBC"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A2E767A-65BC-420B-9BA3-12B51575FB37"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5E8E654-DA20-45F9-A25E-44D1E31F64C6"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C8FCFDA-703B-42DC-91FF-00066E88E49D"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CA49611-A8E4-454E-98AD-B64C0202838F"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF7FCC81-2F1D-4EF5-956B-085FB7FEFAE7"}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "200A9CE9-E56D-4EFA-AC8A-954F945DDDBB"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FA5C323-7247-42B5-AF3E-F7E8A18932CD"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF199950-9564-4CF2-BC74-F9E1C28AC377"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A613D29A-9C7F-49A5-98E4-8477A1FF7C9E"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "867B2CA9-DAE5-4070-B8E6-F624C59F5054"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52CD200C-1D14-471F-93C1-027CC676C26C"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D1850CE-D20D-4677-8CF2-1DB3A4EB33F2"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A70B1E2-0B3D-4DE9-8ED9-777F73D0B750"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7D226F1-6513-4233-BE20-58D7AB24978F"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B33B2082-E040-4799-A260-BA687ED8614E"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B70D2BD5-8E3F-4B57-84EF-3AF40F6378F1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71578014-E3CD-40A9-8AE4-537C970B4B2F"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4758B4CB-5CD9-4505-8E91-E5E849937A63"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C801C53F-9ECC-42B9-A119-5046706CA621"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02A544E4-B9BB-4735-8239-4FC57473BB1E"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91E5BF8D-7391-49E3-A17A-26A1F138A3C0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3C33FD2-8473-485C-9726-5673B49A031D"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FA77AD2-557E-41E5-8BE5-F4B4A1AB8E13"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C2FFC93-7053-441C-AD96-ED57F97E9A70"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "792625FF-276B-4972-8915-4571C9E26BF5"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE20D0B7-E96B-448E-B80D-0D596248B410"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DD53088-3BD4-4AF9-8934-4905231A75E8"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4CB61D3-DF59-4EE0-A0F0-5899850496B9"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF646EF0-56C8-492E-A78D-B00ECAA8D851"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D42B922-A5F7-41FC-A361-BA0E065B5B00"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13E6D2CA-CC4F-4317-A842-4DF0693B0CB6"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB017D7A-3290-4EF5-9647-B488771A5F32"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CDEC701-DAB3-4D92-AA67-B886E6693E46"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65D810F8-6062-4901-9832-226F80287C8F"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6C19BDD-1286-48C7-8E7D-66C100D02319"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B4653A4-833F-4381-86E9-452F19A53868"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFCB7C80-DDA6-421C-92E8-E6E56E414E81"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "494085EA-7445-4592-8795-DCC035BDDC52"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAD4E5E9-5289-4E84-A922-97364D8EB6EE"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "479AFDC6-CE0E-4AAC-8DA9-26ADCD96E8DA"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "094BD2B6-E269-4647-A77C-B584805B6203"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45C31572-6C40-4621-AB57-6768DE0D59A3"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4617DC7B-07BA-4805-9789-CFDBA8535214"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A635FEC4-4F52-4971-A67D-47E68108E4F4"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC69B41E-C22D-48D2-8609-60C018F1F48D"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "270EEBF6-46FA-48FC-BEC9-9C0838A86BB4"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93310708-E1FE-445A-BB1F-7D1F553AEC65"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AD2C1D2-103E-4B0F-84AA-999F01E695F0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "855E91A4-0A0C-4E5C-8019-FB513A793803"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "475F0EF8-42CB-4099-9C4A-390F946C4924"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:enterprise_manager:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "125C8A19-4F51-42DD-BA11-F299721EFBB5"}, {"criteria": "cpe:2.3:a:f5:enterprise_manager:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C580F19-AF18-49EE-89FF-8C4F5C88314D"}, {"criteria": "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5F5FEE7-059A-4A9B-BCCD-18F0AA435040"}, {"criteria": "cpe:2.3:h:f5:enterprise_manager:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE619B40-18EB-4F01-A416-63A66577F14F"}, {"criteria": "cpe:2.3:h:f5:enterprise_manager:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "003DFFC0-C51B-43B8-897A-6AD71A7B60FD"}, {"criteria": "cpe:2.3:h:f5:enterprise_manager:2.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05803D5C-15CD-4600-9703-951D28173E49"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E1C4384-1728-4A71-8634-DCE3F2AEB8F2"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF1FD1C1-6980-4E9F-8DEF-D9E552510481"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9F443F1-C43F-42AD-98E4-AE11C72F363E"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AF61656-A266-4A2D-A001-54339716A4A8"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FC92F47-75EB-487A-B4A2-2B0B4C78B10D"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C16CD0C3-13CC-46D2-8E33-A98B3ACC1992"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE056B1B-5037-453C-B845-06A507452821"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C72FF118-E7A5-42DE-A9A0-703E71615045"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45A53EC8-8E16-42DC-9FD8-58493C5D1EC5"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDB299B4-5893-4D91-8E5B-09BDFDB86FEF"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9EA336A-8055-4DA8-8F79-07C4ADE83E32"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "624EFAEB-15C2-422F-BAD1-D0BC37878349"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76C1525D-46DE-4362-BBAD-095BBF718990"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "259C05BB-6349-4005-9372-21623DC5002D"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5D27D4A-BD5C-4FA9-AA72-F7956298DE06"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12F86EB5-D581-4103-A802-44D968BA8D55"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FF5A5F6-4BA3-4276-8679-B5560EACF2E0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:10.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D982EE29-D298-4D39-897A-580D867CDE50"}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:10.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D477F539-2E79-47BB-A8CF-F3A73AA72A27"}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:10.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C70B0F91-B269-4753-92E5-69F49CCB498D"}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:10.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44847A70-9301-4C53-93AF-8888CF074F6C"}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:10.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57C59A21-CFC9-41CE-AEC3-FD9E8B02A5FD"}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:10.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE109CFC-59FD-4859-87EF-5FDD1BD94260"}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53531CA7-5E47-4C46-BDA5-3B4710085078"}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A085285-329B-4EF0-ABFB-238655E9E82D"}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1591F627-3C86-4904-9236-6936D533ED75"}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3136A8D1-3D0D-46B3-9A3A-737074864F1B"}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96673865-3D37-4562-831E-3ACE9DFB471E"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/611.html\">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>", "sourceIdentifier": "cve@mitre.org"}

5.5 /10