CVE-2014-6032

Published: 01/11/2014 | Updated: 08/09/2017
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P

Vulnerability Summary

Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 up to and including 11.6.0 and 10.0.0 up to and including 10.2.4, AAM 11.4.0 up to and including 11.6.0, ARM 11.3.0 up to and including 11.6.0, Analytics 11.0.0 up to and including 11.6.0, APM and Edge Gateway 11.0.0 up to and including 11.6.0 and 10.1.0 up to and including 10.2.4, PEM 11.3.0 up to and including 11.6.0, PSM 11.0.0 up to and including 11.4.1 and 10.0.0 up to and including 10.2.4, and WOM 11.0.0 up to and including 11.3.0 and 10.0.0 up to and including 10.2.4 and Enterprise Manager 3.0.0 up to and including 3.1.1 and 2.1.0 up to and including 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements.

Affected Products

Vendor | Product | Versions
F5 | Big-ip Advanced Firewall Manager | 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.6.0
F5 | Big-ip Analytics | 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.6.0
F5 | Big-ip Application Acceleration Manager | 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.6.0
F5 | Big-ip Application Security Manager | 10.0.0, 10.1.0, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.6.0
F5 | Big-ip Edge Gateway | 10.1.0, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0
F5 | Big-ip Global Traffic Manager | 10.0.0, 10.1.0, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.6.0
F5 | Big-ip Link Controller | 10.0.0, 10.1.0, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.6.0
F5 | Big-ip Local Traffic Manager | 10.0.0, 10.1.0, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.6.0
F5 | Big-ip Policy Enforcement Manager | 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.6.0
F5 | Big-ip Protocol Security Module | 10.0.0, 10.1.0, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1
F5 | Big-ip Wan Optimization Manager | 10.0.0, 10.1.0, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0
F5 | Big-ip Webaccelerator | 10.0.0, 10.1.0, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0
F5 | Enterprise Manager | 3.0.0, 3.1.0, 3.1.1, 2.1.0, 2.2.0, 2.3.0

Mailing Lists

F5 Big-IP version 1130390 suffers from an XML external entity injection vulnerability ...