CVE-2015-8022
Summary
| CVE | CVE-2015-8022 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-08-19 21:59:01 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AFM and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF16 and 11.3.0; and BIG-IP PSM 11.x before 11.2.1 HF16, 11.3.x, and 11.4.x before 11.4.1 HF10 allows remote authenticated users with certain permissions to gain privileges by leveraging an Access Policy Manager customization configuration section that allows file uploads. |
Risk And Classification
Primary CVSS: v3.0 7.5 HIGH from [email protected]
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.005360000 probability, percentile 0.676080000 (date 2026-05-12)
Problem Types: CWE-264 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 8.5 | AV:N/AC:M/Au:S/C:C/I:C/A:C |
CVSS v3.0 Breakdown
Attack Vector
NetworkAttack Complexity
HighPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
SingleConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:M/Au:S/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | F5 | Big-ip Access Policy Manager | 11.0.0 | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | 11.1.0 | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | 11.2.0 | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | 11.2.1 | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | 11.3.0 | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | 11.4.0 | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | 11.4.1 | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | 11.5.0 | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | 11.5.1 | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | 11.5.2 | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | 11.5.3 | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | 11.6.0 | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | 11.3.0 | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | 11.4.0 | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | 11.4.1 | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | 11.5.0 | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | 11.5.1 | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | 11.5.2 | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | 11.5.3 | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | 11.6.0 | All | All | All |
| Application | F5 | Big-ip Analytics | 11.0.0 | All | All | All |
| Application | F5 | Big-ip Analytics | 11.1.0 | All | All | All |
| Application | F5 | Big-ip Analytics | 11.2.0 | All | All | All |
| Application | F5 | Big-ip Analytics | 11.2.1 | All | All | All |
| Application | F5 | Big-ip Analytics | 11.3.0 | All | All | All |
| Application | F5 | Big-ip Analytics | 11.4.0 | All | All | All |
| Application | F5 | Big-ip Analytics | 11.4.1 | All | All | All |
| Application | F5 | Big-ip Analytics | 11.5.0 | All | All | All |
| Application | F5 | Big-ip Analytics | 11.5.1 | All | All | All |
| Application | F5 | Big-ip Analytics | 11.5.2 | All | All | All |
| Application | F5 | Big-ip Analytics | 11.5.3 | All | All | All |
| Application | F5 | Big-ip Analytics | 11.6.0 | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | 11.4.0 | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | 11.4.1 | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | 11.5.0 | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | 11.5.1 | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | 11.5.2 | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | 11.5.3 | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | 11.6.0 | All | All | All |
| Application | F5 | Big-ip Application Security Manager | 11.0.0 | All | All | All |
| Application | F5 | Big-ip Application Security Manager | 11.1.0 | All | All | All |
| Application | F5 | Big-ip Application Security Manager | 11.2.0 | All | All | All |
| Application | F5 | Big-ip Application Security Manager | 11.2.1 | All | All | All |
| Application | F5 | Big-ip Application Security Manager | 11.3.0 | All | All | All |
| Application | F5 | Big-ip Application Security Manager | 11.4.0 | All | All | All |
| Application | F5 | Big-ip Application Security Manager | 11.4.1 | All | All | All |
| Application | F5 | Big-ip Application Security Manager | 11.5.0 | All | All | All |
| Application | F5 | Big-ip Application Security Manager | 11.5.1 | All | All | All |
| Application | F5 | Big-ip Application Security Manager | 11.5.2 | All | All | All |
| Application | F5 | Big-ip Application Security Manager | 11.5.3 | All | All | All |
| Application | F5 | Big-ip Application Security Manager | 11.6.0 | All | All | All |
| Application | F5 | Big-ip Edge Gateway | 11.0.0 | All | All | All |
| Application | F5 | Big-ip Edge Gateway | 11.1.0 | All | All | All |
| Application | F5 | Big-ip Edge Gateway | 11.2.0 | All | All | All |
| Application | F5 | Big-ip Edge Gateway | 11.2.1 | All | All | All |
| Application | F5 | Big-ip Edge Gateway | 11.3.0 | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | 11.0.0 | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | 11.1.0 | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | 11.2.0 | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | 11.2.1 | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | 11.3.0 | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | 11.4.0 | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | 11.4.1 | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | 11.5.0 | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | 11.5.1 | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | 11.5.2 | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | 11.5.3 | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | 11.6.0 | All | All | All |
| Application | F5 | Big-ip Link Controller | 11.0.0 | All | All | All |
| Application | F5 | Big-ip Link Controller | 11.1.0 | All | All | All |
| Application | F5 | Big-ip Link Controller | 11.2.0 | All | All | All |
| Application | F5 | Big-ip Link Controller | 11.2.1 | All | All | All |
| Application | F5 | Big-ip Link Controller | 11.3.0 | All | All | All |
| Application | F5 | Big-ip Link Controller | 11.4.0 | All | All | All |
| Application | F5 | Big-ip Link Controller | 11.4.1 | All | All | All |
| Application | F5 | Big-ip Link Controller | 11.5.0 | All | All | All |
| Application | F5 | Big-ip Link Controller | 11.5.1 | All | All | All |
| Application | F5 | Big-ip Link Controller | 11.5.2 | All | All | All |
| Application | F5 | Big-ip Link Controller | 11.5.3 | All | All | All |
| Application | F5 | Big-ip Link Controller | 11.6.0 | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | 11.0.0 | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | 11.1.0 | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | 11.2.0 | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | 11.2.1 | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | 11.3.0 | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | 11.4.0 | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | 11.4.1 | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | 11.5.0 | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | 11.5.1 | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | 11.5.2 | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | 11.5.3 | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | 11.6.0 | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | 11.3.0 | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | 11.4.0 | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | 11.4.1 | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | 11.5.0 | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | 11.5.1 | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | 11.5.2 | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | 11.5.3 | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | 11.6.0 | All | All | All |
| Application | F5 | Big-ip Protocol Security Module | 11.0.0 | All | All | All |
| Application | F5 | Big-ip Protocol Security Module | 11.1.0 | All | All | All |
| Application | F5 | Big-ip Protocol Security Module | 11.2.0 | All | All | All |
| Application | F5 | Big-ip Protocol Security Module | 11.2.1 | All | All | All |
| Application | F5 | Big-ip Protocol Security Module | 11.3.0 | All | All | All |
| Application | F5 | Big-ip Protocol Security Module | 11.4.0 | All | All | All |
| Application | F5 | Big-ip Protocol Security Module | 11.4.1 | All | All | All |
| Application | F5 | Big-ip Wan Optimization Manager | 11.0.0 | All | All | All |
| Application | F5 | Big-ip Wan Optimization Manager | 11.1.0 | All | All | All |
| Application | F5 | Big-ip Wan Optimization Manager | 11.2.0 | All | All | All |
| Application | F5 | Big-ip Wan Optimization Manager | 11.2.1 | All | All | All |
| Application | F5 | Big-ip Wan Optimization Manager | 11.3.0 | All | All | All |
| Application | F5 | Big-ip Webaccelerator | 11.0.0 | All | All | All |
| Application | F5 | Big-ip Webaccelerator | 11.1.0 | All | All | All |
| Application | F5 | Big-ip Webaccelerator | 11.2.0 | All | All | All |
| Application | F5 | Big-ip Webaccelerator | 11.2.1 | All | All | All |
| Application | F5 | Big-ip Webaccelerator | 11.3.0 | All | All | All |
| Application | F5 | Big-ip Websafe | 11.6.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| F5 BIG-IP Configuration Utility File Validation Flaw Lets Remote Authenticated Users Upload Files and Gain Elevated Privileges - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| SOL12401251 - BIG-IP file validation vulnerability CVE-2015-8022 | af854a3a-2127-422b-91ae-364da2661108 | support.f5.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.