The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
On BIG-IP AFM version 16.0.x before 22.214.171.124, 15.1.x before 15.1.3, 14.1.x before 126.96.36.199, 13.1.x before 188.8.131.52, and all versions of 12.1.x, a SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Base Score: 6.5
Impact Score: 6.4
Exploitability Score: 8
Base Score: 8.8
Impact Score: 5.9
Exploitability Score: 2.8
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.6 (inclusive)