The BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints. (CVE-2019-6687)
Impact
This vulnerability may allow man-in-the-middle attackers to intercept traffic destined for cloud services, and read and modify data that is in transit.