4.3
CVE-2022-23026
- EPSS 0.3%
- Published 25.01.2022 20:15:09
- Last modified 21.11.2024 06:47:50
- Source f5sirt@f5.com
- Teams watchlist Login
- Open Login
On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Data is provided by the National Vulnerability Database (NVD)
F5 ≫ Big-ip Advanced Web Application Firewall Version >= 12.1.0 <= 12.1.6
F5 ≫ Big-ip Advanced Web Application Firewall Version >= 13.1.0 <= 13.1.4
F5 ≫ Big-ip Advanced Web Application Firewall Version >= 14.1.0 <= 14.1.4
F5 ≫ Big-ip Advanced Web Application Firewall Version >= 15.1.0 <= 15.1.4
F5 ≫ Big-ip Advanced Web Application Firewall Version >= 16.0.0 <= 16.1.1
F5 ≫ Big-ip Application Acceleration Manager Version >= 12.1.0 <= 12.1.6
F5 ≫ Big-ip Application Acceleration Manager Version >= 13.1.0 <= 13.1.4
F5 ≫ Big-ip Application Acceleration Manager Version >= 14.1.0 <= 14.1.4
F5 ≫ Big-ip Application Acceleration Manager Version >= 15.1.0 <= 15.1.4
F5 ≫ Big-ip Application Acceleration Manager Version >= 16.0.0 <= 16.1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.523 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:N/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.