Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-23031

EPSS 0.37% · P59
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-23031

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4, an XML External Entity (XXE) vulnerability exists in an undisclosed page of the F5 Advanced Web Application Firewall (Advanced WAF) and BIG-IP ASM Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that allows an authenticated high-privileged attacker to read local files and force BIG-IP to send HTTP requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Source: NVD (National Vulnerability Database)
Vulnerability Title
F5 BIG-IP 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。 F5 BIG-IP 存在代码问题漏洞,该漏洞允许经过身份验证的高特权攻击者读取本地文件并强制 BIG-IP 发送 HTTP 请求。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-BIG-IP FPS, ASM, and Advanced WAF 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4 -

II. Public POCs for CVE-2022-23031

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-23031

登录查看更多情报信息。

Same Patch Batch · n/a · 2022-01-25 · 67 CVEs total

CVE-2021-45803MartDevelopers Iresturant SQL注入漏洞
CVE-2021-40159Autodesk Inventor 信息泄露漏洞
CVE-2021-40158Autodesk Inventor 缓冲区错误漏洞
CVE-2021-44988JerryScript 缓冲区错误漏洞
CVE-2021-46483Jsish 缓冲区错误漏洞
CVE-2022-23935exiftool 操作系统命令注入漏洞
CVE-2021-45340libsixel 代码问题漏洞
CVE-2021-45844FreeCad 操作系统命令注入漏洞
CVE-2021-45845FreeCad 操作系统命令注入漏洞
CVE-2021-45802MartDevelopers Iresturant SQL注入漏洞
CVE-2021-46481Jsish 安全漏洞
CVE-2021-46113MartDevelopers KEA-Hotel-ERP 代码问题漏洞
CVE-2021-45846Slic3r 代码问题漏洞
CVE-2021-45847Slic3r 代码问题漏洞
CVE-2021-46089JeecgBoot SQL注入漏洞
CVE-2021-46033ForestBlog 代码问题漏洞
CVE-2021-46034ForestBlog 跨站脚本漏洞
CVE-2021-46086Mindskip xzs-mysql 权限许可和访问控制问题漏洞
CVE-2021-46084Uscat 跨站脚本漏洞
CVE-2021-46083Uscat 跨站脚本漏洞

Showing top 20 of 67 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a
Same weakness: CWE-611

V. Comments for CVE-2022-23031

No comments yet

Leave a comment