Directory traversal

2020-08-2615:15:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.6%

JSON

In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory.

CPENameOperatorVersion
big-ip_access_policy_managerge15.1.0
big-ip_access_policy_managerlt15.1.0.5
big-ip_access_policy_managerge15.0.0
big-ip_access_policy_managerlt15.0.1.4
big-ip_advanced_firewall_managerge15.0.0
big-ip_advanced_firewall_managerlt15.0.1.4
big-ip_advanced_firewall_managerge15.1.0
big-ip_advanced_firewall_managerlt15.1.0.5
big-ip_analyticsge15.0.0
big-ip_analyticslt15.0.1.4

Name	Operator	Version
big-ip_access_policy_manager	ge	15.1.0
big-ip_access_policy_manager	lt	15.1.0.5
big-ip_access_policy_manager	ge	15.0.0
big-ip_access_policy_manager	lt	15.0.1.4
big-ip_advanced_firewall_manager	ge	15.0.0
big-ip_advanced_firewall_manager	lt	15.0.1.4
big-ip_advanced_firewall_manager	ge	15.1.0
big-ip_advanced_firewall_manager	lt	15.1.0.5
big-ip_analytics	ge	15.0.0
big-ip_analytics	lt	15.0.1.4

Rows per page:

1-10 of 521

References

support.f5.com/csp/article/K29923912