{"vuid":"VU#210884","idnumber":"210884","name":"F5 ARX Data Manager contains a SQL injection vulnerability","keywords":["f5","arx","data","manager","sql","injection","sqli","cwe-89"],"overview":"F5 ARX Data Manager 3.0.0 - 3.1.0 contains a SQL injection vulnerability.","clean_desc":"CWE-89: Improper Neutralization of Special Elements used in an SQL Command F5 ARX Data Manager 3.0.0 - 3.1.0 contains an unspecified SQL injection vulnerability.","impact":"A remote authenticated attacker may be able to run arbitrary SQL commands against the backend database.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem. Data Manager 3.x is considered end-of-life by the vendor and will not receive a security fix.","workarounds":"Stop the Service F5 recommends stopping the Data Manager Service when not in use to mitigate this vulnerability. F5's SOL15310 document explains how to disable the service.","sysaffected":"","thanks":"Thanks to Andrea Micalizzi (rgod) working with HP's Zero Day Initiative for reporting this vulnerability to F5.","author":"This document was written by Jared Allar.","public":["http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15310.html?sr=38021626","http://support.f5.com/kb/en-us/solutions/public/14000/700/sol14791.html","http://cwe.mitre.org/data/definitions/89.html"],"cveids":["CVE-2014-2949"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-05-13T14:38:38Z","publicdate":"2014-06-06T00:00:00Z","datefirstpublished":"2014-06-17T20:13:13Z","dateupdated":"2014-06-17T20:13:14Z","revision":12,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"L","cvss_targetdistribution":"L","cvss_securityrequirementscr":"M","cvss_securityrequirementsir":"M","cvss_securityrequirementsar":"L","cvss_basescore":"5.5","cvss_basevector":"AV:N/AC:L/Au:S/C:P/I:P/A:N","cvss_temporalscore":"5.2","cvss_environmentalscore":"1.4172984948625","cvss_environmentalvector":"CDP:L/TD:L/CR:M/IR:M/AR:L","metric":0.0,"vulnote":null}