BIG-IP platforms provisioned with AAM, AFM, Application Visibility and Reporting (AVR), APM, ASM, and/or PEM may leak sensitive data. (CVE-2019-6655)
Impact
BIG-IP (AAM, AFM, AVR, APM, ASM, PEM)
The vulnerability is only present on BIG-IP systems provisioned with AAM, AFM, AVR, APM, ASM, and/or PEM on the following interfaces:
Note: The default setting forPort LockdownisAllow None.
In both of these configurations, a malicious actor may be able to connect to the affected interface to extract sensitive information on the system, including but not limited to, client and server IP addresses, client request URIs, and metadata for attacks detected by the system.
BIG-IP (LTM, DNS, Edge Gateway, FPS, GTM, Link Controller, WebAccelerator), BIG-IQ, Enterprise Manager, and F5 iWorkflow / Traffix SDC
There is no impact; these F5 products are not affected by this vulnerability.