CVE-2015-8021

Name: CVE-2015-8021
Creator: NVD / NIST
Published: 2016-04-12T14:59:02.177+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.35%

Last modified Jun 17, 2026

CVE-2015-8021 is a vulnerability of currently unknown severity. Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; and BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF11 and 11.3.0 allows remote authenticated users to upload files via uploadImage.php.. EPSS estimates a 1.35% chance of exploitation in the next 30 days.

Description

Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; and BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF11 and 11.3.0 allows remote authenticated users to upload files via uploadImage.php.

Metrics

EPSS Probability

1.35%

68.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-284

Affected Software

Vendor	Product	Versions
F5	Big-Ip Access Policy Manager	11.0.0
F5	Big-Ip Access Policy Manager	11.1.0
F5	Big-Ip Access Policy Manager	11.2.0
F5	Big-Ip Access Policy Manager	11.2.1
F5	Big-Ip Access Policy Manager	11.3.0
F5	Big-Ip Access Policy Manager	11.4.0
F5	Big-Ip Access Policy Manager	11.4.1
F5	Big-Ip Advanced Firewall Manager	11.3.0
F5	Big-Ip Advanced Firewall Manager	11.4.0
F5	Big-Ip Advanced Firewall Manager	11.4.1
F5	Big-Ip Analytics	11.0.0
F5	Big-Ip Analytics	11.1.0
F5	Big-Ip Analytics	11.2.0
F5	Big-Ip Analytics	11.2.1
F5	Big-Ip Analytics	11.3.0
F5	Big-Ip Analytics	11.4.0
F5	Big-Ip Analytics	11.4.1
F5	Big-Ip Application Acceleration Manager	11.4.0
F5	Big-Ip Application Acceleration Manager	11.4.1
F5	Big-Ip Application Security Manager	11.0.0
F5	Big-Ip Application Security Manager	11.1.0
F5	Big-Ip Application Security Manager	11.2.0
F5	Big-Ip Application Security Manager	11.2.1
F5	Big-Ip Application Security Manager	11.3.0
F5	Big-Ip Application Security Manager	11.4.0
F5	Big-Ip Application Security Manager	11.4.1
F5	Big-Ip Edge Gateway	11.0.0
F5	Big-Ip Edge Gateway	11.1.0
F5	Big-Ip Edge Gateway	11.2.0
F5	Big-Ip Edge Gateway	11.2.1
F5	Big-Ip Edge Gateway	11.3.0
F5	Big-Ip Global Traffic Manager	11.0.0
F5	Big-Ip Global Traffic Manager	11.1.0
F5	Big-Ip Global Traffic Manager	11.2.0
F5	Big-Ip Global Traffic Manager	11.2.1
F5	Big-Ip Global Traffic Manager	11.3.0
F5	Big-Ip Global Traffic Manager	11.4.0
F5	Big-Ip Link Controller	11.0.0
F5	Big-Ip Link Controller	11.1.0
F5	Big-Ip Link Controller	11.2.0
F5	Big-Ip Link Controller	11.2.1
F5	Big-Ip Link Controller	11.3.0
F5	Big-Ip Link Controller	11.4.0
F5	Big-Ip Link Controller	11.4.1
F5	Big-Ip Local Traffic Manager	11.0.0
F5	Big-Ip Local Traffic Manager	11.1.0
F5	Big-Ip Local Traffic Manager	11.2.0
F5	Big-Ip Local Traffic Manager	11.2.1
F5	Big-Ip Local Traffic Manager	11.3.0
F5	Big-Ip Local Traffic Manager	11.4.0

Showing 50 of 71 affected configurations. See NVD for the full list.

References

Timeline

Published: Apr 12, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-8021?

How severe is CVE-2015-8021?

Severity scoring for CVE-2015-8021 is pending analysis. The EPSS model estimates a 1.35% probability of exploitation in the next 30 days.

How do I fix CVE-2015-8021?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-8021?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST