BIG-IP AFM 15.0.0-15.0.1 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) Vulnerability

Summary

A vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. 

 

 

Credit:

The information has been provided by Tarantula Team.

The original article can be found at: https://support.f5.com/csp/article/K21121741

 


Details

On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack.

 

Vulnerable Systems:

BIG-IP AFM 15.0.0-15.0.1

BIG-IP AFM 14.0.0-14.1.2

BIG-IP AFM 13.1.0-13.1.3.1

BIG-IP AFM 12.1.0-12.1.5

 

CVE Information:

CVE-2019-6658

 

Disclosure Timeline:
Published Date: 11/01/2019