On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
Link | Resource |
---|---|
https://my.f5.com/manage/s/article/K06345931 | Vendor Advisory |
Configurations
History
07 Nov 2023, 04:07
Type | Values Removed | Values Added |
---|---|---|
Summary | On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
10 Feb 2023, 00:31
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | (MISC) https://my.f5.com/manage/s/article/K06345931 - Vendor Advisory | |
First Time |
F5
F5 f5os-c F5 f5os-a |
|
CPE | cpe:2.3:o:f5:f5os-c:*:*:*:*:*:*:*:* cpe:2.3:o:f5:f5os-a:*:*:*:*:*:*:*:* |
|
CWE | CWE-77 |
01 Feb 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-01 18:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-22657
Mitre link : CVE-2023-22657
CVE.ORG link : CVE-2023-22657
JSON object : View
Products Affected
f5
- f5os-c
- f5os-a
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')