Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.
2015-09-17T16:59:01.527
2025-04-12T10:46:40.837
Deferred
CVSSv2: 4.0 (MEDIUM)
AV:N/AC:L/Au:S/C:P/I:N/A:N
8.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | f5 | enterprise_manager | 3.0.0 | Yes |
| Application | f5 | enterprise_manager | 3.1.0 | Yes |
| Application | f5 | enterprise_manager | 3.1.1 | Yes |
| Application | f5 | big-ip_access_policy_manager | ≤ 11.6.0 | Yes |
| Application | f5 | big-ip_advanced_firewall_manager | ≤ 11.6.0 | Yes |
| Application | f5 | big-ip_analytics | ≤ 11.6.0 | Yes |
| Application | f5 | big-ip_application_acceleration_manager | ≤ 11.6.0 | Yes |
| Application | f5 | big-ip_application_security_manager | ≤ 11.6.0 | Yes |
| Application | f5 | big-ip_edge_gateway | ≤ 11.3.0 | Yes |
| Application | f5 | big-ip_global_traffic_manager | ≤ 11.3.0 | Yes |
| Application | f5 | big-ip_link_controller | ≤ 11.3.0 | Yes |
| Application | f5 | big-ip_local_traffic_manager | ≤ 11.6.0 | Yes |
| Application | f5 | big-ip_policy_enforcement_manager | ≤ 11.3.0 | Yes |
| Application | f5 | big-ip_protocol_security_module | ≤ 11.3.0 | Yes |
| Application | f5 | big-ip_wan_optimization_manager | ≤ 11.3.0 | Yes |
| Application | f5 | big-ip_webaccelerator | ≤ 11.3.0 | Yes |