Lucene search

CertccCVE-2012-3000

HistoryJan 30, 2014 - 3:06 p.m.

CVE-2012-3000

2014-01-3015:06:21

CWE-89

certcc

web.nvd.nist.gov

cve-2012-3000

sql injection

sam

admin

reports

savesettings.php

apm webgui

f5 big-ip

ltm

gtm

asm

link controller

psm

apm

edge gateway

analytics

avr webgui

webaccelerator

wom 11.2.x

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.004

Percentile

73.1%

JSON

Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter.

Affected configurations

Nvd

Node

f5big-ip_webacceleratorMatch11.0.0

f5big-ip_webacceleratorMatch11.1.0

f5big-ip_webacceleratorMatch11.2.0

f5big-ip_webacceleratorMatch11.2.1

Node

f5big-ip_global_traffic_managerMatch11.0.0

f5big-ip_global_traffic_managerMatch11.0.0hf1

f5big-ip_global_traffic_managerMatch11.1.0

f5big-ip_global_traffic_managerMatch11.1.0hf2

f5big-ip_global_traffic_managerMatch11.2.0

f5big-ip_global_traffic_managerMatch11.2.1

Node

f5big-ip_local_traffic_managerMatch11.0.0

f5big-ip_local_traffic_managerMatch11.0.0hf1

f5big-ip_local_traffic_managerMatch11.1.0

f5big-ip_local_traffic_managerMatch11.1.0hf2

f5big-ip_local_traffic_managerMatch11.2.0

f5big-ip_local_traffic_managerMatch11.2.1

Node

f5big-ip_protocol_security_moduleMatch11.0.0

f5big-ip_protocol_security_moduleMatch11.1.0

f5big-ip_protocol_security_moduleMatch11.2.0

f5big-ip_protocol_security_moduleMatch11.2.1

Node

f5big-ip_wan_optimization_managerMatch11.0.0

f5big-ip_wan_optimization_managerMatch11.1.0

f5big-ip_wan_optimization_managerMatch11.2.0

f5big-ip_wan_optimization_managerMatch11.2.1

Node

f5big-ip_link_controllerMatch11.0.0

f5big-ip_link_controllerMatch11.1.0

f5big-ip_link_controllerMatch11.2.0

f5big-ip_link_controllerMatch11.2.1

Node

f5big-ip_analyticsMatch11.0.0

f5big-ip_analyticsMatch11.1.0

f5big-ip_analyticsMatch11.2.0

f5big-ip_analyticsMatch11.2.1

Node

f5big-ip_application_security_managerMatch11.0.0

f5big-ip_application_security_managerMatch11.0.0hf1

f5big-ip_application_security_managerMatch11.1.0

f5big-ip_application_security_managerMatch11.1.0hf2

f5big-ip_application_security_managerMatch11.2.0

f5big-ip_application_security_managerMatch11.2.1

Node

f5big-ip_access_policy_managerMatch11.1.0

f5big-ip_access_policy_managerMatch11.2.0

f5big-ip_access_policy_managerMatch11.2.1

f5big-ip_access_policy_managerMatch11.0.0

f5big-ip_access_policy_managerMatch11.1.0

f5big-ip_access_policy_managerMatch11.2.0

f5big-ip_access_policy_managerMatch11.2.1

Node

f5big-ip_edge_gatewayMatch11.0.0

f5big-ip_edge_gatewayMatch11.1.0

f5big-ip_edge_gatewayMatch11.2.0

f5big-ip_edge_gatewayMatch11.2.1

VendorProductVersionCPE
f5big-ip_webaccelerator11.0.0cpe:2.3:a:f5:big-ip_webaccelerator:11.0.0:*:*:*:*:*:*:*
f5big-ip_webaccelerator11.1.0cpe:2.3:a:f5:big-ip_webaccelerator:11.1.0:*:*:*:*:*:*:*
f5big-ip_webaccelerator11.2.0cpe:2.3:a:f5:big-ip_webaccelerator:11.2.0:*:*:*:*:*:*:*
f5big-ip_webaccelerator11.2.1cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*
f5big-ip_global_traffic_manager11.0.0cpe:2.3:a:f5:big-ip_global_traffic_manager:11.0.0:*:*:*:*:*:*:*
f5big-ip_global_traffic_manager11.0.0cpe:2.3:a:f5:big-ip_global_traffic_manager:11.0.0:hf1:*:*:*:*:*:*
f5big-ip_global_traffic_manager11.1.0cpe:2.3:a:f5:big-ip_global_traffic_manager:11.1.0:*:*:*:*:*:*:*
f5big-ip_global_traffic_manager11.1.0cpe:2.3:a:f5:big-ip_global_traffic_manager:11.1.0:hf2:*:*:*:*:*:*
f5big-ip_global_traffic_manager11.2.0cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.0:*:*:*:*:*:*:*
f5big-ip_global_traffic_manager11.2.1cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-ip_webaccelerator	11.0.0	cpe:2.3:a:f5:big-ip_webaccelerator:11.0.0:::::::*
f5	big-ip_webaccelerator	11.1.0	cpe:2.3:a:f5:big-ip_webaccelerator:11.1.0:::::::*
f5	big-ip_webaccelerator	11.2.0	cpe:2.3:a:f5:big-ip_webaccelerator:11.2.0:::::::*
f5	big-ip_webaccelerator	11.2.1	cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:::::::*
f5	big-ip_global_traffic_manager	11.0.0	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.0.0:::::::*
f5	big-ip_global_traffic_manager	11.0.0	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.0.0:hf1::::::
f5	big-ip_global_traffic_manager	11.1.0	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.1.0:::::::*
f5	big-ip_global_traffic_manager	11.1.0	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.1.0:hf2::::::
f5	big-ip_global_traffic_manager	11.2.0	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.0:::::::*
f5	big-ip_global_traffic_manager	11.2.1	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.1:::::::*