CVE-2015-8022
HIGHF5 BIG-IP <11.2.1 HF16, 11.3.x, 11.4.x <11.4.1 HF10, 11.5.x <11.5.4...
Title source: llmDescription
The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AFM and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF16 and 11.3.0; and BIG-IP PSM 11.x before 11.2.1 HF16, 11.3.x, and 11.4.x before 11.4.1 HF10 allows remote authenticated users with certain permissions to gain privileges by leveraging an Access Policy Manager customization configuration section that allows file uploads.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://support.f5.com/kb/en-us/solutions/public/k/12/sol12401251.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036627
Scores
CVSS v3
7.5
EPSS
0.0054
EPSS Percentile
67.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-264
Status
published
Products (50)
f5/big-ip_access_policy_manager
11.0.0
f5/big-ip_access_policy_manager
11.1.0
f5/big-ip_access_policy_manager
11.2.0
f5/big-ip_access_policy_manager
11.2.1
f5/big-ip_access_policy_manager
11.3.0
f5/big-ip_access_policy_manager
11.4.0
f5/big-ip_access_policy_manager
11.4.1
f5/big-ip_access_policy_manager
11.5.0
f5/big-ip_access_policy_manager
11.5.1
f5/big-ip_access_policy_manager
11.5.2
... and 40 more
Published
Aug 19, 2016
Tracked Since
Feb 18, 2026