cvelistv5 - cve-2015-4637

CVE-2015-4637 (GCVE-0-2015-4637)

Vulnerability from cvelistv5 – Published: 2015-07-16 14:00 – Updated: 2024-08-06 06:18

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://support.f5.com/kb/en-us/solutions/public/…

x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:12.092Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-07-16T12:57:03",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4637",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4637",
    "datePublished": "2015-07-16T14:00:00",
    "dateReserved": "2015-06-16T00:00:00",
    "dateUpdated": "2024-08-06T06:18:12.092Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9768142-C554-44DE-B8D5-45CB51E3C34C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-iq_cloud:4.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF93E82F-D38C-4D4D-99EB-E334EE163C4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-iq_cloud:4.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3471D34-A76C-498A-8C45-1553A579A88B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-iq_device:4.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99E5F378-E93E-45F6-A445-F2DAB5C423F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-iq_device:4.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9538F63-3DC9-42CC-87D5-3CA048AE52A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-iq_security:4.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0003813A-C1A8-4ED1-A04C-7AE961E7FA22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-iq_security:4.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEC1A702-0CCB-48F9-A42E-D8C756DD9D76\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name.\"}, {\"lang\": \"es\", \"value\": \"La API REST en F5 BIG-IQ Cloud, Device, and Security 4.4.0 y 4.5.0 anterior a HF2 y ADC 4.5.0 anterior a HF2, cuando se configura para la autenticaci\\u00f3n remota LDAP y el servidor LDAP permite operaciones an\\u00f3nimas de bind, permite a atacantes remotos obtener un token de autenticaci\\u00f3n para usuarios arbitrarios mediante la adivinaci\\u00f3n de un nombre de cuenta de usuario de LDAP.\"}]",
      "id": "CVE-2015-4637",
      "lastModified": "2024-11-21T02:31:27.063",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-07-16T14:59:04.823",
      "references": "[{\"url\": \"https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-17\"}, {\"lang\": \"en\", \"value\": \"CWE-310\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-4637\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-07-16T14:59:04.823\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name.\"},{\"lang\":\"es\",\"value\":\"La API REST en F5 BIG-IQ Cloud, Device, and Security 4.4.0 y 4.5.0 anterior a HF2 y ADC 4.5.0 anterior a HF2, cuando se configura para la autenticaci\u00f3n remota LDAP y el servidor LDAP permite operaciones an\u00f3nimas de bind, permite a atacantes remotos obtener un token de autenticaci\u00f3n para usuarios arbitrarios mediante la adivinaci\u00f3n de un nombre de cuenta de usuario de LDAP.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-17\"},{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9768142-C554-44DE-B8D5-45CB51E3C34C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_cloud:4.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF93E82F-D38C-4D4D-99EB-E334EE163C4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_cloud:4.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3471D34-A76C-498A-8C45-1553A579A88B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_device:4.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99E5F378-E93E-45F6-A445-F2DAB5C423F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_device:4.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9538F63-3DC9-42CC-87D5-3CA048AE52A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_security:4.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0003813A-C1A8-4ED1-A04C-7AE961E7FA22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_security:4.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEC1A702-0CCB-48F9-A42E-D8C756DD9D76\"}]}]}],\"references\":[{\"url\":\"https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

VAR-201507-0341

Vulnerability from variot - Updated: 2023-12-18 13:09

The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. Multiple F5 BIG-IP products are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. F5 BIG-IQ Cloud, etc. Cloud is a component that provides iApp lifecycle management and BIG-IP deployment in public and private clouds. Device is a component that provides device inventory, status, backup, update, upgrade and license management. Security is a centralized management component that provides F5 AFM and ASM security solutions. The following products and versions are affected: F5 BIG-IQ Cloud 4.4.0 to 4.5.0, Device 4.4.0 to 4.5.0, Security 4.4.0 to 4.5.0, ADC 4.5.0

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0341",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "4.5.0"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "4.5.0"
      },
      {
        "model": "big-iq adc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "4.5.0"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "4.5.0"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "4.4.0"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "4.4.0"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "4.4.0"
      },
      {
        "model": "big-iq application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "f5",
        "version": "4.5.0"
      },
      {
        "model": "big-iq application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "4.5.0 hf2"
      },
      {
        "model": "big-iq device",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "f5",
        "version": "4.5.0"
      },
      {
        "model": "big-iq device",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "f5",
        "version": "4.4.0"
      },
      {
        "model": "big-iq security",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "f5",
        "version": "4.5.0"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "4.5.0 hf2"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "4.4.0 hf2"
      },
      {
        "model": "big-iq security",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "f5",
        "version": "4.4.0"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "4.4.0 hf2"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "4.5.0 hf2"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "4.4.0 hf2"
      },
      {
        "model": "big-iq cloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "f5",
        "version": "4.4.0"
      },
      {
        "model": "big-iq cloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "f5",
        "version": "4.5.0"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "4.5.0 hf2"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "big-iq adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "big-iq security hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "big-iq security hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "big-iq device hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "big-iq device hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "big-iq cloud hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "big-iq cloud hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "big-iq adc hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75943"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003879"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4637"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-624"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-iq_cloud:4.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-iq_device:4.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-iq_device:4.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-iq_security:4.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-iq_cloud:4.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-iq_security:4.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4637"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "75943"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-4637",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-4637",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-82598",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-4637",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201507-624",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-82598",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-4637",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82598"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4637"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003879"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4637"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-624"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. Multiple F5 BIG-IP products are prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. F5 BIG-IQ Cloud, etc. Cloud is a component that provides iApp lifecycle management and BIG-IP deployment in public and private clouds. Device is a component that provides device inventory, status, backup, update, upgrade and license management. Security is a centralized management component that provides F5 AFM and ASM security solutions. The following products and versions are affected: F5 BIG-IQ Cloud 4.4.0 to 4.5.0, Device 4.4.0 to 4.5.0, Security 4.4.0 to 4.5.0, ADC 4.5.0",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4637"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003879"
      },
      {
        "db": "BID",
        "id": "75943"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82598"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4637"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4637",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003879",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-624",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "75943",
        "trust": 0.5
      },
      {
        "db": "VULHUB",
        "id": "VHN-82598",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4637",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82598"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4637"
      },
      {
        "db": "BID",
        "id": "75943"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003879"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4637"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-624"
      }
    ]
  },
  "id": "VAR-201507-0341",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82598"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:09:10.502000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SOL16861: BIG-IQ remote authentication vulnerability CVE-2015-4637",
        "trust": 0.8,
        "url": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003879"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-17",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003879"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4637"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4637"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4637"
      },
      {
        "trust": 0.3,
        "url": "http://www.f5.com/products/big-ip/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/310.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/17.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/75943"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82598"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4637"
      },
      {
        "db": "BID",
        "id": "75943"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003879"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4637"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-624"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-82598"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4637"
      },
      {
        "db": "BID",
        "id": "75943"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003879"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4637"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-624"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82598"
      },
      {
        "date": "2015-07-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4637"
      },
      {
        "date": "2015-07-06T00:00:00",
        "db": "BID",
        "id": "75943"
      },
      {
        "date": "2015-07-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003879"
      },
      {
        "date": "2015-07-16T14:59:04.823000",
        "db": "NVD",
        "id": "CVE-2015-4637"
      },
      {
        "date": "2015-07-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-624"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82598"
      },
      {
        "date": "2015-07-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4637"
      },
      {
        "date": "2015-07-06T00:00:00",
        "db": "BID",
        "id": "75943"
      },
      {
        "date": "2015-07-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003879"
      },
      {
        "date": "2015-07-21T15:13:17",
        "db": "NVD",
        "id": "CVE-2015-4637"
      },
      {
        "date": "2015-07-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-624"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-624"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  F5 BIG-IQ Series products  REST API Vulnerable to obtaining an authentication token for arbitrary users",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003879"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-624"
      }
    ],
    "trust": 0.6
  }
}

GSD-2015-4637

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2015-4637

Aliases

CVE-2015-4637

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-4637",
    "description": "The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name.",
    "id": "GSD-2015-4637"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-4637"
      ],
      "details": "The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name.",
      "id": "GSD-2015-4637",
      "modified": "2023-12-13T01:19:59.978584Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-4637",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html",
            "refsource": "CONFIRM",
            "url": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-iq_cloud:4.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-iq_device:4.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-iq_device:4.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-iq_security:4.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-iq_cloud:4.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-iq_security:4.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4637"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                },
                {
                  "lang": "en",
                  "value": "CWE-17"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-07-21T15:13Z",
      "publishedDate": "2015-07-16T14:59Z"
    }
  }
}

GHSA-3P2C-V2VR-8P3X

Vulnerability from github – Published: 2022-05-17 04:11 – Updated: 2022-05-17 04:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-4637"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-07-16T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name.",
  "id": "GHSA-3p2c-v2vr-8p3x",
  "modified": "2022-05-17T04:11:22Z",
  "published": "2022-05-17T04:11:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4637"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2015-4637

Vulnerability from fkie_nvd - Published: 2015-07-16 14:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html	Vendor Advisory

Impacted products

Vendor	Product	Version
f5	big-iq_adc	4.5.0
f5	big-iq_cloud	4.4.0
f5	big-iq_cloud	4.5.0
f5	big-iq_device	4.4.0
f5	big-iq_device	4.5.0
f5	big-iq_security	4.4.0
f5	big-iq_security	4.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9768142-C554-44DE-B8D5-45CB51E3C34C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-iq_cloud:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF93E82F-D38C-4D4D-99EB-E334EE163C4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-iq_cloud:4.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3471D34-A76C-498A-8C45-1553A579A88B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-iq_device:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E5F378-E93E-45F6-A445-F2DAB5C423F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-iq_device:4.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9538F63-3DC9-42CC-87D5-3CA048AE52A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-iq_security:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0003813A-C1A8-4ED1-A04C-7AE961E7FA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-iq_security:4.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC1A702-0CCB-48F9-A42E-D8C756DD9D76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name."
    },
    {
      "lang": "es",
      "value": "La API REST en F5 BIG-IQ Cloud, Device, and Security 4.4.0 y 4.5.0 anterior a HF2 y ADC 4.5.0 anterior a HF2, cuando se configura para la autenticaci\u00f3n remota LDAP y el servidor LDAP permite operaciones an\u00f3nimas de bind, permite a atacantes remotos obtener un token de autenticaci\u00f3n para usuarios arbitrarios mediante la adivinaci\u00f3n de un nombre de cuenta de usuario de LDAP."
    }
  ],
  "id": "CVE-2015-4637",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-07-16T14:59:04.823",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-17"
        },
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2015-04833

Vulnerability from cnvd - Published: 2015-07-27

Title

多款F5 BIG-IQ产品的REST API漏洞

Description

BIG-IQ 云平台为应用导向型服务的管理提供必要的核心服务。多款F5 BIG-IQ产品的REST API中存在安全漏洞，远程攻击者可通过猜测LDAP用户账户名，利用该漏洞获取任意用户的身份验证令牌。

Severity

中

Patch Name

多款F5 BIG-IQ产品的REST API漏洞的补丁

Patch Description

BIG-IQ 云平台为应用导向型服务的管理提供必要的核心服务。多款F5 BIG-IQ产品的REST API中存在安全漏洞，远程攻击者可通过猜测LDAP用户账户名，利用该漏洞获取任意用户的身份验证令牌。目前，厂商已经发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html

Reference

https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html

Impacted products

Name
['F5 Networks BIG-IQ Cloud 4.4.0 - 4.5.0', 'F5 Networks BIG-IQ Device 4.4.0 - 4.5.0', 'F5 Networks BIG-IQ Security 4.4.0 - 4.5.0', 'F5 Networks BIG-IQ ADC 4.5.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "75943"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-4637"
    }
  },
  "description": "BIG-IQ\u00a0\u4e91\u5e73\u53f0\u4e3a\u5e94\u7528\u5bfc\u5411\u578b\u670d\u52a1\u7684\u7ba1\u7406\u63d0\u4f9b\u5fc5\u8981\u7684\u6838\u5fc3\u670d\u52a1\u3002\r\n\r\n\u591a\u6b3eF5 BIG-IQ\u4ea7\u54c1\u7684REST API\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u731c\u6d4bLDAP\u7528\u6237\u8d26\u6237\u540d\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4efb\u610f\u7528\u6237\u7684\u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c\u3002",
  "discovererName": "F5 Networks",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04833",
  "openTime": "2015-07-27",
  "patchDescription": "BIG-IQ \u4e91\u5e73\u53f0\u4e3a\u5e94\u7528\u5bfc\u5411\u578b\u670d\u52a1\u7684\u7ba1\u7406\u63d0\u4f9b\u5fc5\u8981\u7684\u6838\u5fc3\u670d\u52a1\u3002\u591a\u6b3eF5 BIG-IQ\u4ea7\u54c1\u7684REST API\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u731c\u6d4bLDAP\u7528\u6237\u8d26\u6237\u540d\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4efb\u610f\u7528\u6237\u7684\u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c\u3002\u76ee\u524d\uff0c\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eF5 BIG-IQ\u4ea7\u54c1\u7684REST API\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "F5 Networks BIG-IQ Cloud 4.4.0 - 4.5.0",
      "F5 Networks BIG-IQ Device 4.4.0 - 4.5.0",
      "F5 Networks BIG-IQ Security 4.4.0 - 4.5.0",
      "F5 Networks BIG-IQ ADC 4.5.0"
    ]
  },
  "referenceLink": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html",
  "serverity": "\u4e2d",
  "submitTime": "2015-07-20",
  "title": "\u591a\u6b3eF5 BIG-IQ\u4ea7\u54c1\u7684REST API\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-4637 (GCVE-0-2015-4637)

VAR-201507-0341

GSD-2015-4637

GHSA-3P2C-V2VR-8P3X

FKIE_CVE-2015-4637

CNVD-2015-04833

Tags

Sightings

Nomenclature