CVE-2019-6658 — SQL Injection in F5 Big-ip Advanced Firewall Manager

CWE-89 — SQL Injection5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 51.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Advanced Firewall Manager F5 Big-ip

Timeline

PublishedNov 1

Latest updateMay 24

Description

On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDf5/big-ip_advanced_firewall_manager14.0.0 — 14.1.2.1+3

▶CVEListV5f5/big-ip4 versions+3

🔴Vulnerability Details

GHSA

GHSA-4vq7-74fw-ghmq: On BIG-IP AFM 15↗2022-05-24

▶

CVEList

CVE-2019-6658: On BIG-IP AFM 15↗2019-11-01

▶

💥Exploits & PoCs

Exploit-DB

Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation↗2019-04-16

▶

📋Vendor Advisories

CVE-2019-6658: On BIG-IP AFM 15↗2019-11-01

▶