All the vulnerabilities related to f5 - big-ip_guided_configuration
cve-2021-23046
Vulnerability from cvelistv5
Published
2021-09-14 14:10
Modified
2024-08-03 18:58
Summary
On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
URL | Tags |
---|---|
https://support.f5.com/csp/article/K70652532 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | BIG-IP Guided Configuration | All versions before 8.0.0 |
cve-2022-27878
Vulnerability from cvelistv5
Published
2022-05-05 16:31
Modified
2024-09-16 23:45
Summary
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References
URL | Tags |
---|---|
https://support.f5.com/csp/article/K92807525 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
F5 | BIG-IP | Version: 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, 11.6.x; Patch: 17.0.0 |
cve-2023-39447
Vulnerability from cvelistv5
Published
2023-10-10 12:32
Modified
2024-09-18 20:35
Summary
When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
URL | Tags |
---|---|
https://my.f5.com/manage/s/article/K47756555 | vendor-advisory |
Impacted products
cve-2022-25946
Vulnerability from cvelistv5
Published
2022-05-05 16:21
Modified
2024-09-17 03:28
Summary
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References
URL | Tags |
---|---|
https://support.f5.com/csp/article/K52322100 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
F5 | BIG-IP (Advanced WAF, APM, ASM) | Version: 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, 11.6.x; Patch: 17.0.0 |
cve-2022-27806
Vulnerability from cvelistv5
Published
2022-05-05 16:29
Modified
2024-09-17 01:36
Summary
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References
URL | Tags |
---|---|
https://support.f5.com/csp/article/K68647001 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
F5 | BIG-IP (Advanced WAF, APM, ASM) | Version: 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, 11.6.x; Patch: 17.0.0 |
cve-2022-27230
Vulnerability from cvelistv5
Published
2022-05-05 16:09
Modified
2024-09-17 01:15
Summary
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References
URL | Tags |
---|---|
https://support.f5.com/csp/article/K21317311 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
F5 | BIG-IP APM | Version: 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, 11.6.x; Patch: 17.0.0 |
Vulnerability from fkie_nvd
Published
2022-05-05 17:15
Modified
2024-11-21 06:56
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References
Source | URL | Tags
---|---|---
f5sirt@f5.com | https://support.f5.com/csp/article/K92807525 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K92807525 | Vendor Advisory
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5491BC3C-EE0C-43FA-B870-BBF9FC4FADB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "41408E51-04CC-4208-9DBA-0A5A90EFC7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C90F3BA6-6466-48C5-A621-B44549419496", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "79A3A605-EBE9-4C50-B6F4-5FBD385FA8B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "B3E688B1-28C4-4F9A-9474-381FD22E792D", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "25DAD24A-2D43-498E-BC43-183B669EA1FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B25A33B9-2485-4D80-8F49-9B4688A39345", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2D3E81E7-3E6A-46AD-827D-14046D93144E", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "C9416AE8-7C48-4986-99E8-5F313715B6B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCA6CE41-1D13-4A7A-94D8-C0D5740870A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "29041413-B405-42A6-B9E9-A3E7C3AC1CB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9F0C4673-2F1D-45B6-BC18-83EF68BA3601", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "0148360C-1167-4FF9-B231-3D53890BD932", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "214D3CD8-6A1A-4119-B107-0363D34B3458", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "6CA06267-4A87-4249-8A08-5A78BDCEE884", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EF96CE38-E834-475C-92AD-97D904D8F831", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "702ACADF-C7FF-43C9-89A9-5F464718F800", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C7E9747B-6167-4E8B-AF48-AA55C900C872", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "76EAD6EA-811F-4193-A83D-E70A9A53AFC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "EEE9857F-4A59-4A9E-821C-BAF3AB450155", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F691A4ED-EB2A-4FF1-B701-02F3A966BA40", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "26DE1D99-5118-4DC4-8B37-E9448378B64D", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "200AC72D-719D-4663-BE05-C9C7826DEA68", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4BFA5B4-AFC0-4E4C-A4E7-ED7BFDC3411F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "987AEEE0-9301-4F36-BB52-9C260741522F", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "51A3D5FE-1B2D-44F3-83DF-BBB3DFBA2DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "189D37B0-49A3-4369-8F85-325355BE5B29", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "71B7081C-A869-402A-9C58-219B3225DB70", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA89EA2D-9053-4B84-AE93-208F7640750B", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "153BBF00-C7A3-4654-A4F4-2F3DD54A5814", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3BCA2C3F-7E1E-48EA-92CF-1AF5274F5012", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "950A7D6C-DCA1-4B8E-B3C2-15F1845FF0D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5788C636-64A1-4A9A-BB1A-EBC4ED80C59E", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "48F2498F-8691-4325-8B3D-E56A5CE3F3D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "CF19BEB3-1624-433C-9C6C-BE71752A5FCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "85E54209-6418-4ECE-91EE-A36D82E4AFD8", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:f5:big-ip_analytics:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D536A57-C7DB-4CE1-AE13-254C650343A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "492707EC-69DD-4795-9438-46E5E9627F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "318C9307-E64D-44D4-852F-710DC0768904", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E8A93796-89EB-49ED-A08E-E8EDC89EE4F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "129F1B0B-44E4-4F67-B0B6-43CD2734F30A", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3F5F2BF-708F-40F6-9BD0-4779DE9A1785", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC9FA335-23DF-4206-853A-934B41A20525", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "DEE1D83B-7E70-4AF0-85BF-530FD1F66825", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "41D3317C-4A3C-48D2-A56F-7D50E2CE7759", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "08E29063-889A-4499-AEAC-D79165EA34A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6550AF19-D3CD-4FD2-AABD-EF02579D0862", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "670D14AF-EF88-4F82-B295-30BE34745808", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "1BA899CE-26F3-42C5-8AF5-ABD2E3E01CB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:15.1.4:*:*:*:*:*:*:*", 
"matchCriteriaId": "61795EB4-7DFF-4168-B1C3-375DA353C678", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "C8D10D74-5C97-44DE-B667-3011BBA585F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2E0BDAB-9EB9-43FB-B49C-CC8440CAF1AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "59742F26-53D5-49A7-B456-71FD322EFD97", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B7DCF9E7-F55B-4448-A35A-42C26BA7123E", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "074CB0CC-E7CD-402E-9EFD-954DAB79D68B", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3ADBE394-9E74-45FE-A8C2-9F3479A60324", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6A8BB611-EA5A-4403-90DA-89F267AD3DBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "F02F4AF2-922C-4CF5-9B18-588899603F27", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "2CF66FD8-CDA5-4E44-8A0D-9FF07E8C1E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "22FF4312-2711-4526-B604-796E637139E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EF145312-4BF7-4BD1-853C-4A3F6FDF2311", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"B878A1C5-0FA9-46A6-93D3-9A15652CD2B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E4E94B20-41C4-4441-A208-B44F1AFE79C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C32BB88-ECE9-49C1-B75D-D47A17399C10", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF25F766-7DF2-4BBB-881C-6C43C801126A", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9EB1E835-DDA7-4D3A-B92A-DF88CE9509F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "9094D9E8-4B45-4714-9626-5866B17B0ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "967FD30D-8806-4C8A-BBCD-2C84FCA42BD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "D619D58E-D8A8-423C-BB46-EBEDCD887D92", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "530F58C3-EED0-4641-B71D-8F27006EBAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "88C68A60-A500-45BA-AE56-C7B2F3122691", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF7EAF3C-66C8-43D2-B276-77D56CA6E63B", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5FDBD38-369B-4007-8D9A-B65B83B2AABD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:f5:big-ip_application_security_manager:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "69F18D98-3C29-4012-8A3A-0D7FB55F5735", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "168FDFB8-CD1F-49C7-89BB-87278795E582", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0BAFFCAB-144B-4C2F-88F8-D35930012F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9D030F54-8F3E-4844-8B51-B93A31805010", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "907FEE11-DF3B-4BE7-9BAE-5F6BE20E469D", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "49C435C8-DA39-41AF-9E42-AE50C96F9C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "817F7B3C-1CAC-4BD3-BD1A-C271C9516701", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8B89FE04-D25D-4FF0-9421-B8BED0F77997", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "14612AC5-945C-4402-AFF0-5FCE11B7C785", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A03DD77-08C8-482F-8F79-48396ED0BF1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "219F951F-C59B-4844-8558-6D07D067DF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE8FA530-5502-4FE1-A234-5E313D71B931", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "6578F36C-12EF-49E4-9012-2ECCE8770A92", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "00141CBE-3AF5-40C3-B9D6-E9E61CFABECB", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "56FC4AD6-EC04-4BC0-8B13-6AE9805AA8F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A1BC7E64-0621-487A-A612-C82CC040FD90", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "46203B9C-8815-44FC-809B-A24F988CC5AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FAFAF12-3981-4180-9C2C-994B93DACFCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB4AD1C2-6344-43C9-8887-60D39291D397", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "809DE9DF-A873-4953-BE12-766D5D6E12CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "27B4EACF-64F4-4FB7-A257-F13972064C55", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "397CC387-5F68-40F7-8B82-A29B160C9F14", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C529A4BA-F1B7-4297-A9CC-2FF0EB2CB5AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "106CE093-FAED-499F-961B-11484D4A1508", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:f5:big-ip_domain_name_system:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A0092DB5-0E5B-44DE-8299-B8AFDD18526C", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "C2ED3051-5100-4214-B212-C039F1CCCC3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "74DEDC05-82FC-4AD5-9DDD-D0D68DA9E26D", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E4CDFC55-EE03-4A97-B122-1F459562B074", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AED85D4E-09B0-4A5F-9630-561731543064", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6BADF2CC-1D6F-4711-ADD1-02AE987079FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "86B5BB56-DFB0-4859-9980-A72D69C0747B", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "B7851945-44BC-4B08-8156-EFC08793DC90", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6943EFA5-D2C4-4255-B175-6F876A06DE81", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "579581AF-464E-47E2-9345-1B29B8846346", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BDE33ED3-2629-456A-AC7E-62255D6E5FCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A58E8A11-9D44-48BA-BCE1-3505F18E0D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"A54FE871-70AB-4F8D-9588-B473D8820683", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4E0F72D7-792A-4CD8-8DED-318FBB9F8CDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9A79D035-9F77-4FCA-8E36-E01ED7BB71A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "F933F2D2-1C1D-43F0-9BD2-4699716E4A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1013320D-D0EE-461E-AF90-049F82AC910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "91918377-CD4C-40B6-A167-4F596EA9D2B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "AA222867-59E6-4C3E-8F4D-003D51D93BA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E83A8D13-E491-4CEA-8761-9C6B39CCD402", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E634D59-2B6D-49B8-A7BD-E2962CD2B455", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "382A68A9-76FE-4FCC-86A8-A96D9EBB5C8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "5DC0FF34-57F5-4454-9EDB-755F60EDC89B", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "68E110D5-07A4-4D45-B623-D0A8894A0E39", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"9784D592-2275-4B76-BABC-A68C5C995C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "93E7270E-62BF-4974-8ACD-D9E0A6AA77D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D211D419-03FA-4E64-9551-D19B73634E45", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E50E357C-95EC-4278-BB26-8BC94B92CC70", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "46C7A912-01EE-4301-84A0-465F97C8F30B", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB414A2A-AA17-4137-8881-9B7BAFA5E918", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3934E25-3F98-41C7-A7C8-AEA821117C34", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FB3876A9-929E-45B4-A3FB-B6B4445B4345", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9401493B-D219-4812-AA8B-A2FF43FF1BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "6FE6221A-F603-411E-A36F-ADE237C4B35E", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BF46DCE-2603-4E61-87B8-352FF4111567", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4B6989D6-DCB0-47C4-9884-3C7B9BB39652", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "35F63FB6-FD94-409A-A00B-7D73C6A35974", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "108A4319-E52F-4DFD-A5E2-7F0623FE0B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5756EA61-D0E4-4AC1-882D-71EE4BB6CEB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0ADBB0BD-F67B-43AD-AC6C-4B5EEF37BFF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "427986E1-F438-42A5-AE19-D70C76C35DE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCFCE08F-8FEC-478A-8620-BACE3F78BC75", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E44E67B9-2A93-49AD-A8D8-A670D9F6DD0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "EEEEB4CB-ADED-46F9-85F8-5B8319811B30", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "75641260-5656-4717-9912-FB3AF67DEC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D373DB4-A175-4196-AC1D-AD2F8845DE53", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DE43C4B8-77B8-4AC0-BD92-33E19A7FD87D", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "06A1E194-8FBF-4546-B8D6-6C3B9B142401", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "926CAB4C-164D-410F-9B48-F6510A6FF464", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:f5:big-ip_link_controller:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7EE88D9B-F7BE-48CB-8776-1CBABFE33A9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "EDA16E9D-D877-4BFB-BFFA-2203852927F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "26873D65-5406-45AF-A7F4-14AF2C55D368", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "71666E6B-8615-4D7B-9A7B-2F6D048FE086", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4841BDDC-DBDB-48C1-B841-DF3477A8A27C", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "371D42CC-39CB-4F17-AF8F-195BC58F415D", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "5C9A1D5B-D2A6-4AEE-989F-18C607FA51A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E847B072-2E86-416D-9D39-FD796770A0B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C55AD7A-B63D-4DCD-8222-28CBC64900C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "282D7673-A22C-4CCB-8476-0ACE0AEE4A90", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FB3DF801-A0D8-43EE-92D6-8F0010CF1B76", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "41122A97-81A2-4C3C-97F6-A89AA246503A", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "C7AE56D9-DDA5-4F8C-8F37-3C1090A95349", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "79C95A86-994C-4F7C-A2E8-A688EE8E8286", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "35E73A7E-5AFD-4E8F-97E9-3D3955B38CFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "588E8731-0160-4664-8BC4-45F7F55B58F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DD7E85A-BE85-4CA1-B9CB-0888735EA132", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "ABB28BCE-A389-4327-8DB6-D745E0F95C5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CC063A34-AB9C-47AC-A6A6-9A920C5E63B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "62F9FDD3-D238-44EF-8AF4-5B1987AA3E2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E37750C-50F3-480A-AA40-23D59F50E4B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A724B2F3-E3FA-456F-9581-0213358B654C", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F6CE564-D51A-4ACE-8A09-CE65D1713EB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C231E06C-1121-49BD-B5FB-CB45A4D10810", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D001D61-CC58-4FFF-9B1B-44046DB5FAD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "461C4C1D-B0F9-44EF-A535-BCE9FE501A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEC35855-E381-49ED-B929-1B2F1E107615", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E2359AD-205D-49B8-821D-5569F63F91FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "56846B46-E0FC-4921-BE96-368F7CB2FB15", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5D8FCEF-C962-404B-8663-D11C277F9839", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "7C07A0B7-25D3-4599-9047-8FF889AD0A23", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E2B279F-8EE5-44FD-9EFE-48C652289CF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "69C053C3-AFD9-4A24-83A8-08F8D5614ACB", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "994D457F-259C-460E-A3E1-CB2F737A2181", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E0948894-8098-4532-9E4A-9491E3761C95", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E7DE353F-F350-41E4-ACC6-0E854B939830", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "93CF4D85-6EF9-4341-85EC-04CAE039E605", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"2161F566-5F88-492D-BD84-7AE8D6E1AA38", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "F754F6FC-2A29-453F-9E9B-39C779830562", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BDE4D90-5AE4-4183-997E-188FF17D497E", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "05C36C95-6191-4C6F-978A-1303E4D75126", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4ABEFBF8-9888-4B1D-9912-97C501AFC895", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "98A1FBEB-A427-43A8-B2AB-2E331585D512", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1C2B883-EA96-4B51-865B-B1DE1561096C", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C091449-089A-417E-B77C-A4EE1FB86597", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FB05CC1-69F8-4959-8666-D106C0D27826", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A6EB971F-907D-49C8-8B59-EA3895394A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "F6F3E3A8-0AB8-4F89-961B-AE4BFDE979D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "65AC40D8-1554-4BB6-BD8A-055137A79E00", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"B7FB3D02-E919-4F91-8FF6-32E78593C014", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E26FB91C-AF0E-4996-8F52-FE4348152BC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "658A1401-D4C0-47C0-B932-FB46E04697C4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "63E1215D-2724-4249-B0FD-16C32480A11D", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16EFC028-D842-4E26-8DD5-A90D2D75EDC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "6AED33D2-594D-4057-A7D5-041665AA6E07", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated" }, { "lang": "es", "value": "En todas las versiones de 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x y 11.6.x de F5 BIG-IP, y en todas las versiones anteriores a 9.0 de F5 BIG-IP Guided Configuration (GC), Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en una p\u00e1gina no revelada de la utilidad BIG-IP Configuration que permite a un atacante ejecutar JavaScript en el contexto del usuario que ha iniciado la sesi\u00f3n. 
Nota: Las versiones de software que han alcanzado el Fin del Soporte T\u00e9cnico (EoTS) no son evaluadas" } ], "id": "CVE-2022-27878", "lastModified": "2024-11-21T06:56:23.540", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "f5sirt@f5.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-05T17:15:13.763", "references": [ { "source": "f5sirt@f5.com", "tags": [ "Vendor Advisory" ], "url": "https://support.f5.com/csp/article/K92807525" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://support.f5.com/csp/article/K92807525" } ], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "f5sirt@f5.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-09-14 15:15
Modified
2024-11-21 05:51
Severity ?
Summary
On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
Source | URL | Tags |
---|---|---|
f5sirt@f5.com | https://support.f5.com/csp/article/K70652532 | Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K70652532 | Vendor Advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
f5 | big-ip_access_policy_manager | * |
f5 | big-ip_access_policy_manager | * |
f5 | big-ip_access_policy_manager | * |
f5 | big-ip_access_policy_manager | * |
f5 | big-ip_guided_configuration | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "50288008-B90F-4882-80AD-2C70A1F1E2DD", "versionEndIncluding": "13.1.4", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5286F92-3E35-4B00-AA8F-AC96449BD2F6", "versionEndIncluding": "14.1.4", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE0AA66D-D6EF-4D7E-B975-9CF1A19AF279", "versionEndIncluding": "15.1.3", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFB4E22B-105A-48A4-B5C3-3FF5D03A9947", "versionEndExcluding": "16.1.0", "versionStartIncluding": "16.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A8CB0DC-DC0E-4CBA-BDE3-E95D4E323ED4", "versionEndExcluding": "8.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated." }, { "lang": "es", "value": "En todas las versiones de Guided Configuration anteriores a 8.0.0, cuando es creado una configuraci\u00f3n que contiene propiedades seguras y se despliega desde Access Guided Configuration (AGC), las propiedades seguras son registradas en los registros restnoded. 
Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas" } ], "id": "CVE-2021-23046", "lastModified": "2024-11-21T05:51:12.950", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-14T15:15:07.263", "references": [ { "source": "f5sirt@f5.com", "tags": [ "Vendor Advisory" ], "url": "https://support.f5.com/csp/article/K70652532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.f5.com/csp/article/K70652532" } ], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-532" } ], "source": "f5sirt@f5.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-532" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-05 17:15
Modified
2024-11-21 06:53
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References
Source | URL | Tags |
---|---|---|
f5sirt@f5.com | https://support.f5.com/csp/article/K52322100 | Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K52322100 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5491BC3C-EE0C-43FA-B870-BBF9FC4FADB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "41408E51-04CC-4208-9DBA-0A5A90EFC7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C90F3BA6-6466-48C5-A621-B44549419496", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "79A3A605-EBE9-4C50-B6F4-5FBD385FA8B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "B3E688B1-28C4-4F9A-9474-381FD22E792D", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "25DAD24A-2D43-498E-BC43-183B669EA1FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B25A33B9-2485-4D80-8F49-9B4688A39345", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2D3E81E7-3E6A-46AD-827D-14046D93144E", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "C9416AE8-7C48-4986-99E8-5F313715B6B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCA6CE41-1D13-4A7A-94D8-C0D5740870A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "29041413-B405-42A6-B9E9-A3E7C3AC1CB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9F0C4673-2F1D-45B6-BC18-83EF68BA3601", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "0148360C-1167-4FF9-B231-3D53890BD932", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "214D3CD8-6A1A-4119-B107-0363D34B3458", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "6CA06267-4A87-4249-8A08-5A78BDCEE884", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EF96CE38-E834-475C-92AD-97D904D8F831", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "702ACADF-C7FF-43C9-89A9-5F464718F800", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C7E9747B-6167-4E8B-AF48-AA55C900C872", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B0CB7DF-0C05-409E-9BE1-587717BD2563", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7341E8FE-A103-4818-B38C-CCF2710C999B", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "410A7A93-500B-4CBB-8841-16E7DE4101DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "441413AF-290D-43DF-B41E-61DB3598BEB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "CE4838A8-A7AD-44EE-A5CC-48A32C0E456A", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "598EE8AB-76D3-464E-B8C3-47533A22F879", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "206EB22C-AC2A-4A4E-8531-98E43EF497DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "769F8D7B-2052-4205-B255-9842A22DF963", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "5F55C04B-A248-47C1-8EF5-933E4CFBB3A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDE52157-F1BB-4BCA-B582-48D826BBD0E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DD2EF76F-9A4D-4DEC-B7F6-ED7DAA16766D", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F14F4EE-8E16-4E0C-8FAE-5846323DD379", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E330DBEF-9020-49C1-886F-E661334BCC2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D32035-7284-4D22-A243-CFEA5B01734B", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "927D1FD4-47F3-4A72-A360-B996892C2E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D6DDE1-8168-4681-8B68-3A3F47090994", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E09B41FA-2A79-447A-9C91-85FFD8099C79", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:16.1.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "E031E7B7-C66C-4BC7-9BB8-F42A2B9517AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5FDBD38-369B-4007-8D9A-B65B83B2AABD", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "69F18D98-3C29-4012-8A3A-0D7FB55F5735", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "168FDFB8-CD1F-49C7-89BB-87278795E582", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0BAFFCAB-144B-4C2F-88F8-D35930012F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9D030F54-8F3E-4844-8B51-B93A31805010", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "907FEE11-DF3B-4BE7-9BAE-5F6BE20E469D", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "49C435C8-DA39-41AF-9E42-AE50C96F9C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "817F7B3C-1CAC-4BD3-BD1A-C271C9516701", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8B89FE04-D25D-4FF0-9421-B8BED0F77997", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "14612AC5-945C-4402-AFF0-5FCE11B7C785", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A03DD77-08C8-482F-8F79-48396ED0BF1C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:f5:big-ip_application_security_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "219F951F-C59B-4844-8558-6D07D067DF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE8FA530-5502-4FE1-A234-5E313D71B931", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "6578F36C-12EF-49E4-9012-2ECCE8770A92", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "00141CBE-3AF5-40C3-B9D6-E9E61CFABECB", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "56FC4AD6-EC04-4BC0-8B13-6AE9805AA8F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A1BC7E64-0621-487A-A612-C82CC040FD90", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "46203B9C-8815-44FC-809B-A24F988CC5AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5649E5D-9CA9-437D-AF81-6A8C1594F490", "versionEndIncluding": "9.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. 
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated" }, { "lang": "es", "value": "En todas las versiones de 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x y 11.6.x de F5 BIG-IP Advanced WAF, ASM y ASM, y F5 BIG-IP Guided Configuration (GC) todas las versiones anteriores a 9.0, cuando es ejecutado en modo Appliance, un atacante autenticado con privilegios de rol de administrador puede ser capaz de omitir las restricciones del modo Appliance debido a una falta de comprobaci\u00f3n de integridad en F5 BIG-IP Guided Configuration. Nota: Las versiones de software que han alcanzado el Fin del Soporte T\u00e9cnico (EoTS) no son evaluadas" } ], "id": "CVE-2022-25946", "lastModified": "2024-11-21T06:53:15.250", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "f5sirt@f5.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", 
"integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-05T17:15:11.017", "references": [ { "source": "f5sirt@f5.com", "tags": [ "Vendor Advisory" ], "url": "https://support.f5.com/csp/article/K52322100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.f5.com/csp/article/K52322100" } ], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-354" } ], "source": "f5sirt@f5.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-05 17:15
Modified
2024-11-21 06:55
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References
Source | URL | Tags |
---|---|---|
f5sirt@f5.com | https://support.f5.com/csp/article/K21317311 | Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K21317311 | Vendor Advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
f5 | big-ip_access_policy_manager | 13.1.0 |
f5 | big-ip_access_policy_manager | 13.1.1 |
f5 | big-ip_access_policy_manager | 13.1.3 |
f5 | big-ip_access_policy_manager | 13.1.4 |
f5 | big-ip_access_policy_manager | 13.1.5 |
f5 | big-ip_access_policy_manager | 14.1.0 |
f5 | big-ip_access_policy_manager | 14.1.2 |
f5 | big-ip_access_policy_manager | 14.1.3 |
f5 | big-ip_access_policy_manager | 14.1.4 |
f5 | big-ip_access_policy_manager | 15.1.0 |
f5 | big-ip_access_policy_manager | 15.1.1 |
f5 | big-ip_access_policy_manager | 15.1.2 |
f5 | big-ip_access_policy_manager | 15.1.3 |
f5 | big-ip_access_policy_manager | 15.1.4 |
f5 | big-ip_access_policy_manager | 15.1.5 |
f5 | big-ip_access_policy_manager | 16.1.0 |
f5 | big-ip_access_policy_manager | 16.1.1 |
f5 | big-ip_access_policy_manager | 16.1.2 |
f5 | big-ip_guided_configuration | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5491BC3C-EE0C-43FA-B870-BBF9FC4FADB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "41408E51-04CC-4208-9DBA-0A5A90EFC7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C90F3BA6-6466-48C5-A621-B44549419496", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "79A3A605-EBE9-4C50-B6F4-5FBD385FA8B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "B3E688B1-28C4-4F9A-9474-381FD22E792D", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "25DAD24A-2D43-498E-BC43-183B669EA1FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B25A33B9-2485-4D80-8F49-9B4688A39345", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2D3E81E7-3E6A-46AD-827D-14046D93144E", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "C9416AE8-7C48-4986-99E8-5F313715B6B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCA6CE41-1D13-4A7A-94D8-C0D5740870A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "29041413-B405-42A6-B9E9-A3E7C3AC1CB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9F0C4673-2F1D-45B6-BC18-83EF68BA3601", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "0148360C-1167-4FF9-B231-3D53890BD932", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "214D3CD8-6A1A-4119-B107-0363D34B3458", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "6CA06267-4A87-4249-8A08-5A78BDCEE884", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EF96CE38-E834-475C-92AD-97D904D8F831", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "702ACADF-C7FF-43C9-89A9-5F464718F800", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C7E9747B-6167-4E8B-AF48-AA55C900C872", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:*:*:*:*:*:*:*:*", "matchCriteriaId": "454B3BCD-6FD1-4F88-B6AF-7DEB4F7FECAE", "versionEndExcluding": "9.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logged-in user. 
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated" }, { "lang": "es", "value": "En todas las versiones de 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, y 11.6.x de F5 BIG-IP APM, y F5 BIG-IP Guided Configuration (GC) todas las versiones anteriores a 9.0, Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en una p\u00e1gina no revelada de F5 BIG-IP Guided Configuration que permite a un atacante ejecutar JavaScript en el contexto del usuario actualmente conectado. Nota: Las versiones de software que han alcanzado el Fin del Soporte T\u00e9cnico (EoTS) no son evaluadas" } ], "id": "CVE-2022-27230", "lastModified": "2024-11-21T06:55:27.560", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "f5sirt@f5.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": 
"NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-05T17:15:12.697", "references": [ { "source": "f5sirt@f5.com", "tags": [ "Vendor Advisory" ], "url": "https://support.f5.com/csp/article/K21317311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.f5.com/csp/article/K21317311" } ], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "f5sirt@f5.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-05 17:15
Modified
2024-11-21 06:56
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References
Source | URL | Tags |
---|---|---|
f5sirt@f5.com | https://support.f5.com/csp/article/K68647001 | Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K68647001 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5491BC3C-EE0C-43FA-B870-BBF9FC4FADB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "41408E51-04CC-4208-9DBA-0A5A90EFC7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C90F3BA6-6466-48C5-A621-B44549419496", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "79A3A605-EBE9-4C50-B6F4-5FBD385FA8B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "B3E688B1-28C4-4F9A-9474-381FD22E792D", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "25DAD24A-2D43-498E-BC43-183B669EA1FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B25A33B9-2485-4D80-8F49-9B4688A39345", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2D3E81E7-3E6A-46AD-827D-14046D93144E", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "C9416AE8-7C48-4986-99E8-5F313715B6B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCA6CE41-1D13-4A7A-94D8-C0D5740870A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "29041413-B405-42A6-B9E9-A3E7C3AC1CB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9F0C4673-2F1D-45B6-BC18-83EF68BA3601", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "0148360C-1167-4FF9-B231-3D53890BD932", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "214D3CD8-6A1A-4119-B107-0363D34B3458", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "6CA06267-4A87-4249-8A08-5A78BDCEE884", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EF96CE38-E834-475C-92AD-97D904D8F831", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "702ACADF-C7FF-43C9-89A9-5F464718F800", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C7E9747B-6167-4E8B-AF48-AA55C900C872", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B0CB7DF-0C05-409E-9BE1-587717BD2563", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7341E8FE-A103-4818-B38C-CCF2710C999B", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "410A7A93-500B-4CBB-8841-16E7DE4101DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "441413AF-290D-43DF-B41E-61DB3598BEB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "CE4838A8-A7AD-44EE-A5CC-48A32C0E456A", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "598EE8AB-76D3-464E-B8C3-47533A22F879", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "206EB22C-AC2A-4A4E-8531-98E43EF497DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "769F8D7B-2052-4205-B255-9842A22DF963", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "5F55C04B-A248-47C1-8EF5-933E4CFBB3A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDE52157-F1BB-4BCA-B582-48D826BBD0E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DD2EF76F-9A4D-4DEC-B7F6-ED7DAA16766D", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F14F4EE-8E16-4E0C-8FAE-5846323DD379", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E330DBEF-9020-49C1-886F-E661334BCC2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D32035-7284-4D22-A243-CFEA5B01734B", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "927D1FD4-47F3-4A72-A360-B996892C2E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D6DDE1-8168-4681-8B68-3A3F47090994", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E09B41FA-2A79-447A-9C91-85FFD8099C79", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:16.1.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "E031E7B7-C66C-4BC7-9BB8-F42A2B9517AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5FDBD38-369B-4007-8D9A-B65B83B2AABD", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "69F18D98-3C29-4012-8A3A-0D7FB55F5735", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "168FDFB8-CD1F-49C7-89BB-87278795E582", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0BAFFCAB-144B-4C2F-88F8-D35930012F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9D030F54-8F3E-4844-8B51-B93A31805010", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "907FEE11-DF3B-4BE7-9BAE-5F6BE20E469D", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "49C435C8-DA39-41AF-9E42-AE50C96F9C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "817F7B3C-1CAC-4BD3-BD1A-C271C9516701", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8B89FE04-D25D-4FF0-9421-B8BED0F77997", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "14612AC5-945C-4402-AFF0-5FCE11B7C785", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A03DD77-08C8-482F-8F79-48396ED0BF1C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:f5:big-ip_application_security_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "219F951F-C59B-4844-8558-6D07D067DF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE8FA530-5502-4FE1-A234-5E313D71B931", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "6578F36C-12EF-49E4-9012-2ECCE8770A92", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "00141CBE-3AF5-40C3-B9D6-E9E61CFABECB", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "56FC4AD6-EC04-4BC0-8B13-6AE9805AA8F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A1BC7E64-0621-487A-A612-C82CC040FD90", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "46203B9C-8815-44FC-809B-A24F988CC5AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:*:*:*:*:*:*:*:*", "matchCriteriaId": "454B3BCD-6FD1-4F88-B6AF-7DEB4F7FECAE", "versionEndExcluding": "9.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. 
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated" }, { "lang": "es", "value": "En todas las versiones de 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x y 11.6.x de F5 BIG-IP Advanced WAF, ASM y ASM, y F5 BIG-IP Guided Configuration (GC) todas las versiones anteriores a 9.0, cuando es ejecutado en modo Appliance, un atacante autenticado al que le haya sido asignado el rol de Administrador puede ser capaz de omitir las restricciones del modo Appliance, usando vulnerabilidades de inyecci\u00f3n de comandos en URIs no reveladas en F5 BIG-IP Guided Configuration. Nota: Las versiones de software que han alcanzado el Fin de Soporte T\u00e9cnico (EoTS) no son evaluadas" } ], "id": "CVE-2022-27806", "lastModified": "2024-11-21T06:56:13.683", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "f5sirt@f5.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", 
"confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-05T17:15:13.620", "references": [ { "source": "f5sirt@f5.com", "tags": [ "Vendor Advisory" ], "url": "https://support.f5.com/csp/article/K68647001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.f5.com/csp/article/K68647001" } ], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "f5sirt@f5.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-10 13:15
Modified
2024-11-21 08:15
Summary
When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
Source | URL | Tags |
---|---|---|
f5sirt@f5.com | https://my.f5.com/manage/s/article/K47756555 | Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://my.f5.com/manage/s/article/K47756555 | Vendor Advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
f5 | big-ip_access_policy_manager | * |
f5 | big-ip_access_policy_manager | * |
f5 | big-ip_access_policy_manager | 17.0.0 |
f5 | big-ip_guided_configuration | * |
f5 | big-ip_guided_configuration | 6.0 |
f5 | big-ip_guided_configuration | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "48743FD4-1E72-4550-92D6-F06D6D0AF142", "versionEndExcluding": "15.1.8", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206", "versionEndExcluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD637AF5-F7D1-428F-955E-16756B7476E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:*:*:*:*:*:*:*:*", "matchCriteriaId": "C36042F8-9B48-4E0D-ABC1-F10BE2A49CB8", "versionEndIncluding": "7.7", "versionStartIncluding": "7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "63E1215D-2724-4249-B0FD-16C32480A11D", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "6AED33D2-594D-4057-A7D5-041665AA6E07", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nWhen BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log.\u00a0\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n" }, { "lang": "es", "value": "Cuando se configura BIG-IP APM Guided Configurations, es posible que se registre informaci\u00f3n confidencial no divulgada en restnoded log. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan." 
} ], "id": "CVE-2023-39447", "lastModified": "2024-11-21T08:15:26.793", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "f5sirt@f5.com", "type": "Primary" } ] }, "published": "2023-10-10T13:15:20.613", "references": [ { "source": "f5sirt@f5.com", "tags": [ "Vendor Advisory" ], "url": "https://my.f5.com/manage/s/article/K47756555" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://my.f5.com/manage/s/article/K47756555" } ], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-532" } ], "source": "f5sirt@f5.com", "type": "Primary" } ] }