X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote serverβs identity is not properly validated in F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.2, or 11.5.0-11.5.5.
[
{
"product": "BIG-IP (AFM, ASM)",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "12.0.0-12.1.2"
},
{
"status": "affected",
"version": "11.6.0-11.6.2"
},
{
"status": "affected",
"version": "11.5.0-11.5.5"
}
]
}
]