
CVE-2014-6032

Published: 01/11/2014 | Updated: 08/09/2017
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P

Vulnerability Summary

Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 up to and including 11.6.0 and 10.0.0 up to and including 10.2.4; AAM 11.4.0 up to and including 11.6.0; ARM 11.3.0 up to and including 11.6.0; Analytics 11.0.0 up to and including 11.6.0; APM and Edge Gateway 11.0.0 up to and including 11.6.0 and 10.1.0 up to and including 10.2.4; PEM 11.3.0 up to and including 11.6.0; PSM 11.0.0 up to and including 11.4.1 and 10.0.0 up to and including 10.2.4; WOM 11.0.0 up to and including 11.3.0 and 10.0.0 up to and including 10.2.4; and Enterprise Manager 3.0.0 up to and including 3.1.1 and 2.1.0 up to and including 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements.

Mailing Lists

F5 Big-IP version 1130390 suffers from an XML external entity injection vulnerability ...