Improper input validation in F5 Big-ip_access_policy_manager

CVE-2015-6546

The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.003 (55.5th percentile) — read the EPSS interpretation.

Affected products

F5 Big-ip_access_policy_manager — versions 11.0.0, 11.1.0, 11.2.0
F5 Big-ip_advanced_firewall_manager — versions 11.3.0, 11.4.0, 11.4.1
F5 Big-ip_analytics — versions 11.0.0, 11.1.0, 11.2.0
F5 Big-ip_application_acceleration_manager — versions 11.4.0, 11.4.1, 11.5.0
F5 Big-ip_application_security_manager — versions 11.0.0, 11.1.0, 11.2.0
F5 Big-ip_edge_gateway — versions 11.0.0, 11.1.0, 11.2.0
F5 Big-ip_global_traffic_manager — versions 11.0.0, 11.1.0, 11.2.0
F5 Big-ip_link_controller — versions 11.0.0, 11.1.0, 11.2.0
F5 Big-ip_local_traffic_manager — versions 11.5.0, 11.5.1, 11.5.2
F5 Big-ip_policy_enforcement_manager — versions 11.3.0, 11.4.0, 11.4.1

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

1033952 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)