Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款F5产品XML外部实体注入漏洞
Vulnerability Description
F5 BIG-IP LTM等都是美国F5公司的产品。LTM是一款本地流量管理器;APM是一套提供安全统一访问关键业务应用和网络的解决方案。 多款F5产品的Configuration utility中存在安全漏洞。远程攻击者可利用该漏洞读取任意文件或造成拒绝服务。以下产品和版本受到影响:F5 BIG-IP LTM、ASM、GTM、Link Controller 11.0版本至11.6.0版本和10.0.0版本至10.2.4版本,AAM 11.4.0版本至11.6.0版本,ARM 11.3.0版本至11.6.
CVSS Information
N/A
Vulnerability Type
N/A