CVE-2014-6032

medium F5
CVSS v3 Base Score
5.5
AV:N/AC:L/Au:S/C:P/I:N/A:P
EPSS Score
2.5%
Exploitation probability in 30 days
Top 14% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
P
Published: November 1, 2014 (4211 days ago)
Last Modified: May 6, 2026
Vendor: F5
Source: NVD

Description

Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements.

CWE

NVD-CWE-Other

Affected Products

f5 big-ip protocol security modulef5 big-ip global traffic managerf5 big-ip policy enforcement managerf5 big-ip wan optimization managerf5 big-ip application acceleration managerf5 big-ip application security managerf5 big-ip advanced firewall managerf5 big-ip webacceleratorf5 big-ip analyticsf5 big-ip link controller

References

🔗 packetstormsecurity.com 🔗 seclists.org 🔗 seclists.org 🔗 seclists.org 🔗 www.securityfocus.com