SQL Injection Vulnerability in F5 ARX Data Manager
CVE-2014-2949

Currently unrated

Key Information:

Vendor: F5
Status: Arx Data Manager
Vendor: CVE Published:; 18 June 2014

What is CVE-2014-2949?

A SQL injection vulnerability exists in the web service of F5 ARX Data Manager versions 3.0.0 through 3.1.0. This vulnerability allows remote authenticated users to execute arbitrary SQL commands through unspecified vectors, potentially compromising the confidentiality and integrity of the underlying database. Users and administrators of affected versions are advised to assess their systems and implement necessary security measures to mitigate risks.

References

http://support.f5.com/kb/en-us/solutions/public/15000/300...

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-14-293/

x_refsource_MISC

http://www.securityfocus.com/bid/68078

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2014
Vulnerability Reserved
Apr 21, 2014