PT-2016-3849 · F5 · F5 Big-Ip Edge Gateway+8

Published: 2016-08-19 · Updated: 2019-06-06 · CVE-2015-8022

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller versions 11.x through 11.2.1 before HF16, 11.3.x, 11.4.x through 11.4.1 before HF10, 11.5.x through 11.5.4, and 11.6.x through 11.6.1
F5 BIG-IP AAM versions 11.4.x through 11.4.1 before HF10, 11.5.x through 11.5.4, and 11.6.x through 11.6.1
F5 BIG-IP AFM and PEM versions 11.3.x, 11.4.x through 11.4.1 before HF10, 11.5.x through 11.5.4, and 11.6.x through 11.6.1
F5 BIG-IP Edge Gateway, WebAccelerator, and WOM versions 11.x through 11.2.1 before HF16 and 11.3.0
F5 BIG-IP PSM versions 11.x through 11.2.1 before HF16, 11.3.x, and 11.4.x through 11.4.1 before HF10

Description

The issue allows remote authenticated users with certain permissions to gain privileges by leveraging an Access Policy Manager customization configuration section that allows file uploads.

Recommendations

For F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller versions 11.x through 11.2.1 before HF16, 11.3.x, 11.4.x through 11.4.1 before HF10, 11.5.x through 11.5.4, and 11.6.x through 11.6.1, update to a version that includes the fix, such as 11.2.1 HF16 or later, 11.4.1 HF10 or later, 11.5.4 or later, and 11.6.1 or later.

For F5 BIG-IP AAM versions 11.4.x through 11.4.1 before HF10, 11.5.x through 11.5.4, and 11.6.x through 11.6.1, update to a version that includes the fix, such as 11.4.1 HF10 or later, 11.5.4 or later, and 11.6.1 or later.

For F5 BIG-IP AFM and PEM versions 11.3.x, 11.4.x through 11.4.1 before HF10, 11.5.x through 11.5.4, and 11.6.x through 11.6.1, update to a version that includes the fix, such as 11.4.1 HF10 or later, 11.5.4 or later, and 11.6.1 or later.

For F5 BIG-IP Edge Gateway, WebAccelerator, and WOM versions 11.x through 11.2.1 before HF16 and 11.3.0, update to a version that includes the fix, such as 11.2.1 HF16 or later.

For F5 BIG-IP PSM versions 11.x through 11.2.1 before HF16, 11.3.x, and 11.4.x through 11.4.1 before HF10, update to a version that includes the fix, such as 11.2.1 HF16 or later, and 11.4.1 HF10 or later.

As a temporary workaround, consider restricting access to the Access Policy Manager customization configuration section that allows file uploads until a patch is available.

Fix

Weakness Enumeration

Related Identifiers

CVE-2015-8022

Affected Products

F5 Big-Ip Apm
F5 Big-Ip Analytics
F5 Big-Ip Edge Gateway
F5 Big-Ip Gtm
F5 Big-Ip Ltm
F5 Big-Ip Link Controller
F5 Big-Ip Pem
F5 Big-Ip Wom
F5 Big-Ip Webaccelerator