cbcvebase.
CVE-2012-2997
published 2014-01-21

CVE-2012-2997: XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote…

PriorityP334medium4CVSS 2.0
AVNACLAuSCPINAN
EXPLOIT
EPSS
6.44%
92.9th percentile
XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.

Affected

4 ranges
VendorProductVersion rangeFixed in
f5big-ip_configuration_utility
f5big-ip_configuration_utility
f5big-ip_configuration_utility
f5big-ip_configuration_utility
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.