F5 · F5 FirePass · CVE-2012-1777
**Name of the Vulnerable Software and Affected Versions**
F5 FirePass versions 6.0.0 through 6.1.0
F5 FirePass version 7.0.0
**Description**
A SQL injection vulnerability in the my.activation.php3 file allows remote attackers to execute arbitrary SQL commands via the `state` parameter.
**Recommendations**
For F5 FirePass versions 6.0.0 through 6.1.0, update to a version that is not affected by this issue.
For F5 FirePass version 7.0.0, update to a version that is not affected by this issue.
As a temporary workaround, consider restricting access to the my.activation.php3 file until a patch is available.
Avoid using the `state` parameter in the affected file until the issue is resolved.
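When applying the temporary workaround, it helps to know who has been requesting the affected file. The following is an added example, not part of the original advisory or any F5 tooling: it scans web access logs for requests to my.activation.php3 and flags `state` values outside an expected character set. The log format (Apache combined), the request paths, the allowlist and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Apache/NCSA combined log format; adjust for your front end.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
AFFECTED_FILE = "my.activation.php3"   # file named in the advisory
PARAM = "state"                        # parameter named in the advisory
# Assumption: a benign value is short and alphanumeric; tune to observed traffic.
EXPECTED = re.compile(r'[A-Za-z0-9_-]{0,64}')

def triage(lines):
    """Return one finding per request that touches the affected file.

    severity is "review" for any hit on the file and "suspicious" when a
    decoded state value falls outside the expected character set.
    Only query-string values are visible here; POST bodies are not logged.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line, skip
        url = urlsplit(m["target"])
        if url.path.rsplit("/", 1)[-1].lower() != AFFECTED_FILE:
            continue
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        odd = [v for v in values if not EXPECTED.fullmatch(v)]
        findings.append({
            "ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
            "severity": "suspicious" if odd else "review",
            "values": values,
        })
    return findings

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2012:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Mar/2012:10:00:05 +0000] "GET /my.activation.php3?state=abc123 HTTP/1.1" 200 900',
    '198.51.100.7 - - [01/Mar/2012:10:00:09 +0000] "GET /my.activation.php3?state=abc%27x HTTP/1.1" 500 0',
    '198.51.100.7 - - [01/Mar/2012:10:00:12 +0000] "POST /my.activation.php3 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["severity"], f["ip"], f["time"], f["status"], f["values"])
```

Once access to the file is restricted, any remaining hit on it from outside the permitted sources is worth investigating regardless of the `state` value.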