[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195549

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-3000Date: (C)2014-01-31   (M)2023-12-22


Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://archives.neohapsis.com/archives/bugtraq/2013-01/0094.html
SECUNIA-51867
BID-57500
OSVDB-89446
f5bigip-sql-injection(81457)
http://packetstormsecurity.com/files/119739/F5-BIG-IP-11.2.0-SQL-Injection.html
http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14154.html
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-1_F5_BIG-IP_SQL_Injection_v10.txt

CPE    41
cpe:/a:f5:big-ip_analytics:11.2.1
cpe:/a:f5:big-ip_analytics:11.2.0
cpe:/a:f5:big-ip_edge_gateway:11.0.0
cpe:/a:f5:big-ip_global_traffic_manager:11.1.0
...
CWE    1
CWE-89

© SecPod Technologies