PT-2017-10509 · F5 · Big-Ip Afm
Published: 2017-12-21 · Updated: 2018-01-08 · CVE-2017-0304
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
BIG-IP AFM versions 12.0.0 through 13.0.0
Description
A SQL injection issue exists in the BIG-IP AFM management UI. This may allow tampering with a copy of the firewall rules, impacting the Configuration Utility until a resync of the rules occurs. However, traffic processing and the live firewall rules in use are not affected.
Recommendations
For versions 12.0.0 through 13.0.0, update to a version that includes the fix for this issue to prevent potential tampering with firewall rules.
Fix
SQL injection
Affected Products
Big-Ip Afm