PT-2018-13282 · A10 · A10 Acos Web Application Firewall
Published: 2018-08-27 · Updated: 2018-11-09 · CVE-2018-15904
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
A10 ACOS Web Application Firewall (WAF) versions 2.7.1 through 2.7.2 before 2.7.2-P12
A10 ACOS Web Application Firewall (WAF) version 4.1.0 before 4.1.0-P11
A10 ACOS Web Application Firewall (WAF) version 4.1.1 before 4.1.1-P8
A10 ACOS Web Application Firewall (WAF) version 4.1.2 before 4.1.2-P4
Description
The affected versions mishandle the configured rules for blocking SQL injection attacks.
Recommendations
For version 2.7.1, update to 2.7.2-P12 or later.
For version 2.7.2 before 2.7.2-P12, update to 2.7.2-P12 or later.
For version 4.1.0 before 4.1.0-P11, update to 4.1.0-P11 or later.
For version 4.1.1 before 4.1.1-P8, update to 4.1.1-P8 or later.
For version 4.1.2 before 4.1.2-P4, update to 4.1.2-P4 or later.
Fix
SQL injection
Affected Products
A10 Acos Web Application Firewall