Fixes For Multiple Vulnerabilities

Fixes for the following security vulnerabilities are included in this release.

Refer to the related Support Knowledge Base article for more information.

Fix for CVE-2024-56131

Remote malicious actors who gain access to the management interface of the LoadMaster and successfully authenticate could issue a carefully crafted HTTP request that allows arbitrary system commands to be executed. This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands being executed.

Fix for CVE-2024-56134

Remote malicious actors who gain access to the management interface of the LoadMaster and successfully authenticate could issue a carefully crafted HTTP request that allows the content of any file on the system to be downloaded. This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands being executed.

Fixes Previously Delivered in Add-On Packages

A fix for the following security vulnerability, previously delivered in an add-on package, is included in this release. If you have previously installed an add-on package to address this vulnerability, the add-on package that is named with the CVE number below can now be removed during your next maintenance cycle. [Note that leaving the add-on installed will not cause any issues.]