Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2012-2997

CVE information

Published

10 years ago

Last Modified

6 years ago

CVSSv2.0 Severity

Medium

Impact Analysis

Description

XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file..

CVSSv2.0 Score

Severity
Medium
Base Score
4/10
Exploit Score
8/10
Access Vector
Network
Access Complexity
Low
Authentication Required
Single
Impact Score
2.9/10
Confidentiality Impact
Partial
Availability Impact
None
Integrity Impact
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:f5:big-ip_configuration_utility:10.2.4:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:f5:big-ip_configuration_utility:10.0.0:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:f5:big-ip_configuration_utility:11.2.1:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:f5:big-ip_configuration_utility:11.0.0:*:*:*:*:*:*
  Yes
- -