F5 Networks ARX Data Manager SQL Injection Vulnerability (CVE-2014-2949)
Release date:
Updated on:
Affected Systems:
F5 Networks ARX Data Manager 3.0.0-3.1.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68078
CVE (CAN) ID: CVE-2014-2949
F5 Networks ARX Data Manager is a solution for managing the file storage environment.
F5 Networks ARX Data Manager 3.0.0-3.1.0 contains a SQL injection vulnerability. Attackers can exploit it to tamper with SQL query logic and perform unauthorized operations on the underlying database.
<* Source: Andrea Micalizzi
Link: http://www.kb.cert.org/vuls/id/210884
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
F5
--
The vendor has not yet provided a patch or upgrade. Until one is available, we recommend that users of this software temporarily stop the Data Manager service. For how to disable the service, see: http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15310.html?sr=38021626
After that, keep an eye on the vendor's site for the latest version:
http://support.f5.com/kb/en-us/solutions/public/
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15310.html?sr=38021626
http://support.f5.com/kb/en-us/solutions/public/14000/700/sol14791.html
http://cwe.mitre.org/data/definitions/89.html