CVE-2015-4040

Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.

Published: Sep 17, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-4040
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
f5 / enterprise_manager	3.1.0	3.1.0.x
f5 / enterprise_manager	3.0.0	3.0.0.x
f5 / enterprise_manager	3.1.1	3.1.1.x
f5 / big-ip_global_traffic_manager	-	11.3.0.x
f5 / big-ip_analytics	-	11.6.0.x
f5 / big-ip_protocol_security_module	-	11.3.0.x
f5 / big-ip_application_acceleration_manager	-	11.6.0.x
f5 / big-ip_access_policy_manager	-	11.6.0.x
f5 / big-ip_edge_gateway	-	11.3.0.x
f5 / big-ip_local_traffic_manager	-	11.6.0.x
f5 / big-ip_policy_enforcement_manager	-	11.3.0.x
f5 / big-ip_link_controller	-	11.3.0.x
f5 / big-ip_webaccelerator	-	11.3.0.x
f5 / big-ip_wan_optimization_manager	-	11.3.0.x
f5 / big-ip_application_security_manager	-	11.6.0.x
f5 / big-ip_advanced_firewall_manager	-	11.6.0.x

Vulnerability Database

289,599

CVE-2015-4040