4

CVE-2012-2997

Exploit

XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.

Data is provided by the National Vulnerability Database (NVD)
F5Big-ip Configuration Utility Version10.0.0
F5Big-ip Configuration Utility Version10.2.4
F5Big-ip Configuration Utility Version11.0.0
F5Big-ip Configuration Utility Version11.2.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 8.85% 0.922
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.