CVE-2015-8022 Information

Feb 14, 2021 cve

Description

The Configuration utility in F5 BIG-IP LTM Analytics APM ASM GTM and Link Controller 11.x before 11.2.1 HF16 11.3.x 11.4.x before 11.4.1 HF10 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IP AFM and PEM 11.3.x 11.4.x before 11.4.1 HF10 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IP Edge Gateway WebAccelerator and WOM 11.x before 11.2.1 HF16 and 11.3.0; and BIG-IP PSM 11.x before 11.2.1 HF16 11.3.x and 11.4.x before 11.4.1 HF10 allows remote authenticated users with certain permissions to gain privileges by leveraging an Access Policy Manager customization configuration section that allows file uploads.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securitytracker.com/id/1036627 https://support.f5.com/kb/en-us/solutions/public/k/12/sol12401251.html

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.5

Share on: