MEDIUM · 4.3

CVE-2015-8021


Vulnerability Description

Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; and BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF11 and 11.3.0 allows remote authenticated users to upload files via uploadImage.php.

CVSS Score

4.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: LOW
Availability: NONE

Affected Products

Vendor | Product | Versions
F5 | Big-Ip Access Policy Manager | 11.0.0
F5 | Big-Ip Advanced Firewall Manager | 11.3.0
F5 | Big-Ip Analytics | 11.0.0
F5 | Big-Ip Application Acceleration Manager | 11.4.0
F5 | Big-Ip Application Security Manager | 11.0.0
F5 | Big-Ip Edge Gateway | 11.0.0
F5 | Big-Ip Global Traffic Manager | 11.0.0
F5 | Big-Ip Link Controller | 11.0.0
F5 | Big-Ip Local Traffic Manager | 11.0.0
F5 | Big-Ip Policy Enforcement Manager | 11.3.0
F5 | Big-Ip Protocol Security Module | 11.0.0
F5 | Big-Ip Wan Optimization Manager | 11.0.0
F5 | Big-Ip Webaccelerator | 11.0.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2015-8021?

CVE-2015-8021 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 befo...

How severe is CVE-2015-8021?

CVE-2015-8021 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2015-8021?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Access Policy Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Application Security Manager.