Lucene search

[email protected]NVD:CVE-2022-27181

HistoryMay 05, 2022 - 5:15 p.m.

CVE-2022-27181

2022-05-0517:15:12

CWE-400

[email protected]

web.nvd.nist.gov

f5 big-ip apm

security vulnerability

resource utilization

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

34.4%

JSON

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when APM is configured on a virtual server and the associated access profile is configured with APM AAA NTLM Auth, undisclosed requests can cause an increase in internal resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected configurations

Nvd

Node

f5big-ip_access_policy_managerMatch13.1.0

f5big-ip_access_policy_managerMatch13.1.1

f5big-ip_access_policy_managerMatch13.1.3

f5big-ip_access_policy_managerMatch13.1.4

f5big-ip_access_policy_managerMatch13.1.5

f5big-ip_access_policy_managerMatch14.1.0

f5big-ip_access_policy_managerMatch14.1.2

f5big-ip_access_policy_managerMatch14.1.3

f5big-ip_access_policy_managerMatch14.1.4

f5big-ip_access_policy_managerMatch15.1.0

f5big-ip_access_policy_managerMatch15.1.1

f5big-ip_access_policy_managerMatch15.1.2

f5big-ip_access_policy_managerMatch15.1.3

f5big-ip_access_policy_managerMatch15.1.4

f5big-ip_access_policy_managerMatch15.1.5

f5big-ip_access_policy_managerMatch16.1.0

f5big-ip_access_policy_managerMatch16.1.1

f5big-ip_access_policy_managerMatch16.1.2

VendorProductVersionCPE
f5big-ip_access_policy_manager13.1.0cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0:*:*:*:*:*:*:*
f5big-ip_access_policy_manager13.1.1cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.1:*:*:*:*:*:*:*
f5big-ip_access_policy_manager13.1.3cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.3:*:*:*:*:*:*:*
f5big-ip_access_policy_manager13.1.4cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.4:*:*:*:*:*:*:*
f5big-ip_access_policy_manager13.1.5cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.5:*:*:*:*:*:*:*
f5big-ip_access_policy_manager14.1.0cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0:*:*:*:*:*:*:*
f5big-ip_access_policy_manager14.1.2cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.2:*:*:*:*:*:*:*
f5big-ip_access_policy_manager14.1.3cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.3:*:*:*:*:*:*:*
f5big-ip_access_policy_manager14.1.4cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.4:*:*:*:*:*:*:*
f5big-ip_access_policy_manager15.1.0cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-ip_access_policy_manager	13.1.0	cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0:::::::*
f5	big-ip_access_policy_manager	13.1.1	cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.1:::::::*
f5	big-ip_access_policy_manager	13.1.3	cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.3:::::::*
f5	big-ip_access_policy_manager	13.1.4	cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.4:::::::*
f5	big-ip_access_policy_manager	13.1.5	cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.5:::::::*
f5	big-ip_access_policy_manager	14.1.0	cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0:::::::*
f5	big-ip_access_policy_manager	14.1.2	cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.2:::::::*
f5	big-ip_access_policy_manager	14.1.3	cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.3:::::::*
f5	big-ip_access_policy_manager	14.1.4	cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.4:::::::*
f5	big-ip_access_policy_manager	15.1.0	cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.0:::::::*

Rows per page:

1-10 of 181

References

support.f5.com/csp/article/K93543114

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

34.4%

JSON

Related for NVD:CVE-2022-27181

nessus1 f52 cnvd1 cvelist1 cve1 prion1