API Security Blog

iControl SOAP vulnerability CVE-2022-29474

A directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. (CVE-2022-29474)

Impact

An authenticated attacker with at least guest role privileges may exploit this vulnerability by sending a crafted request to iControl SOAP. If the exploit is successful, an attacker can read **wsdl** files in the BIG-IP file system. There is no data plane exposure; this is a control plane issue only.
