On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-01-25T20:15:09.787
2024-11-21T06:47:50.020
Modified
CVSSv3.1: 4.3 (MEDIUM)
AV:N/AC:L/Au:S/C:N/I:N/A:P
8.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | f5 | big-ip_advanced_web_application_firewall | ≤ 12.1.6 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | ≤ 13.1.4 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | ≤ 14.1.4 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | ≤ 15.1.4 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | ≤ 16.1.1 | Yes |
| Application | f5 | big-ip_application_acceleration_manager | ≤ 12.1.6 | Yes |
| Application | f5 | big-ip_application_acceleration_manager | ≤ 13.1.4 | Yes |
| Application | f5 | big-ip_application_acceleration_manager | ≤ 14.1.4 | Yes |
| Application | f5 | big-ip_application_acceleration_manager | ≤ 15.1.4 | Yes |
| Application | f5 | big-ip_application_acceleration_manager | ≤ 16.1.1 | Yes |