Vulnerability Note VU#210884
F5 ARX Data Manager contains a SQL injection vulnerability
F5 ARX Data Manager 3.0.0 - 3.1.0 contains a SQL injection vulnerability.
CWE-89: Improper Neutralization of Special Elements used in an SQL Command
F5 ARX Data Manager 3.0.0 - 3.1.0 contains an unspecified SQL injection vulnerability.
A remote authenticated attacker may be able to run arbitrary SQL commands against the backend database.
The CERT/CC is currently unaware of a practical solution to this problem. Data Manager 3.x is considered end-of-life by the vendor and will not receive a security fix.
Stop the Service
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| F5 Networks, Inc. | Affected | 14 May 2014 | 17 Jun 2014 |
CVSS Metrics
Thanks to Andrea Micalizzi (rgod) working with HP's Zero Day Initiative for reporting this vulnerability to F5.
This document was written by Jared Allar.
- CVE IDs: CVE-2014-2949
- Date Public: 06 Jun 2014
- Date First Published: 17 Jun 2014
- Date Last Updated: 17 Jun 2014
- Document Revision: 11