Path Traversal in F5 Big-ip_access_policy_manager
CVE-2015-4040
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.068 (91.5th percentile)
Affected products
- F5 Big-ip_access_policy_manager
- F5 Big-ip_advanced_firewall_manager
- F5 Big-ip_analytics
- F5 Big-ip_application_acceleration_manager
- F5 Big-ip_application_security_manager
- F5 Big-ip_edge_gateway
- F5 Big-ip_global_traffic_manager
- F5 Big-ip_link_controller
- F5 Big-ip_local_traffic_manager
- F5 Big-ip_policy_enforcement_manager
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_MISC)
- 1033533 (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- 1033532 (vdb-entry, x_refsource_SECTRACK)