On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges.
[
{
"product": "BIG-IP, Enterprise Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BIG-IP 11.5.2-11.6.4, EM 3.1.1"
}
]
}
]