Vulnerability Details CVE-2015-8021
Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; and BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF11 and 11.3.0 allows remote authenticated users to upload files via uploadImage.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.0%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
- http://www.securityfocus.com/bid/82340
- http://www.securitytracker.com/id/1034781
- https://support.f5.com/kb/en-us/solutions/public/k/49/sol49580002.html
- http://www.securityfocus.com/bid/82340
- http://www.securitytracker.com/id/1034781
- https://support.f5.com/kb/en-us/solutions/public/k/49/sol49580002.html
Products affected by CVE-2015-8021
-
cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0
-
cpe:2.3:a:f5:big-ip_access_policy_manager:11.1.0
-
cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.0
-
cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1
-
cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0
-
cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.0
-
cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.1
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.0
-
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.1
-
cpe:2.3:a:f5:big-ip_analytics:11.0.0
-
cpe:2.3:a:f5:big-ip_analytics:11.1.0
-
cpe:2.3:a:f5:big-ip_analytics:11.2.0
-
cpe:2.3:a:f5:big-ip_analytics:11.2.1
-
cpe:2.3:a:f5:big-ip_analytics:11.3.0
-
cpe:2.3:a:f5:big-ip_analytics:11.4.0
-
cpe:2.3:a:f5:big-ip_analytics:11.4.1
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.0
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.1
-
cpe:2.3:a:f5:big-ip_application_security_manager:11.0.0
-
cpe:2.3:a:f5:big-ip_application_security_manager:11.1.0
-
cpe:2.3:a:f5:big-ip_application_security_manager:11.2.0
-
cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1
-
cpe:2.3:a:f5:big-ip_application_security_manager:11.3.0
-
cpe:2.3:a:f5:big-ip_application_security_manager:11.4.0
-
cpe:2.3:a:f5:big-ip_application_security_manager:11.4.1
-
cpe:2.3:a:f5:big-ip_edge_gateway:11.0.0
-
cpe:2.3:a:f5:big-ip_edge_gateway:11.1.0
-
cpe:2.3:a:f5:big-ip_edge_gateway:11.2.0
-
cpe:2.3:a:f5:big-ip_edge_gateway:11.2.1
-
cpe:2.3:a:f5:big-ip_edge_gateway:11.3.0
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.0.0
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.1.0
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.0
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.1
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.3.0
-
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.0
-
cpe:2.3:a:f5:big-ip_link_controller:11.0.0
-
cpe:2.3:a:f5:big-ip_link_controller:11.1.0
-
cpe:2.3:a:f5:big-ip_link_controller:11.2.0
-
cpe:2.3:a:f5:big-ip_link_controller:11.2.1
-
cpe:2.3:a:f5:big-ip_link_controller:11.3.0
-
cpe:2.3:a:f5:big-ip_link_controller:11.4.0
-
cpe:2.3:a:f5:big-ip_link_controller:11.4.1
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.0.0
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.1.0
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.0
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.1
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.3.0
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.0
-
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.1
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.0
-
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.1
-
cpe:2.3:a:f5:big-ip_protocol_security_module:11.0.0
-
cpe:2.3:a:f5:big-ip_protocol_security_module:11.1.0
-
cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.0
-
cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.1
-
cpe:2.3:a:f5:big-ip_protocol_security_module:11.3.0
-
cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.0
-
cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.1
-
cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.0.0
-
cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.1.0
-
cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.0
-
cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.1
-
cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.3.0
-
cpe:2.3:a:f5:big-ip_webaccelerator:11.0.0
-
cpe:2.3:a:f5:big-ip_webaccelerator:11.1.0
-
cpe:2.3:a:f5:big-ip_webaccelerator:11.2.0
-
cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1
-
cpe:2.3:a:f5:big-ip_webaccelerator:11.3.0