Lucene search

[email protected]NVD:CVE-2023-22418

HistoryFeb 01, 2023 - 6:15 p.m.

CVE-2023-22418

2023-02-0118:15:11

CWE-601

[email protected]

web.nvd.nist.gov

cve-2023-22418

versions 17.0.x to 13.1.x

open redirect vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

27.2%

JSON

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected configurations

NVD

Node

f5big-ip_access_policy_managerRange13.1.0–13.1.5

f5big-ip_access_policy_managerRange14.1.0–14.1.5.3

f5big-ip_access_policy_managerRange15.1.0–15.1.7

f5big-ip_access_policy_managerRange16.1.0–16.1.3.3

f5big-ip_access_policy_managerRange17.0.0–17.0.0.2

f5big-ip_advanced_firewall_managerRange13.1.0–13.1.5

f5big-ip_advanced_firewall_managerRange14.1.0–14.1.5.3

f5big-ip_advanced_firewall_managerRange15.1.0–15.1.7

f5big-ip_advanced_firewall_managerRange16.1.0–16.1.3.3

f5big-ip_advanced_firewall_managerRange17.0.0–17.0.0.2

f5big-ip_analyticsRange13.1.0–13.1.5

f5big-ip_analyticsRange14.1.0–14.1.5.3

f5big-ip_analyticsRange15.1.0–15.1.7

f5big-ip_analyticsRange16.1.0–16.1.3.3

f5big-ip_analyticsRange17.0.0–17.0.0.2

f5big-ip_application_acceleration_managerRange13.1.0–13.1.5

f5big-ip_application_acceleration_managerRange15.1.0–15.1.7

f5big-ip_application_acceleration_managerRange16.1.0–16.1.3.3

f5big-ip_application_acceleration_managerRange17.0.0–17.0.0.2

f5big-ip_application_security_managerRange13.1.0–13.1.5

f5big-ip_application_security_managerRange14.1.0–14.1.5.3

f5big-ip_application_security_managerRange15.1.0–15.1.7

f5big-ip_application_security_managerRange16.1.0–16.1.3.3

f5big-ip_application_security_managerRange17.0.0–17.0.0.2

f5big-ip_ddos_hybrid_defenderRange13.1.0–13.1.5

f5big-ip_ddos_hybrid_defenderRange14.1.0–14.1.5.3

f5big-ip_ddos_hybrid_defenderRange15.1.0–15.1.7

f5big-ip_ddos_hybrid_defenderRange16.1.0–16.1.3.3

f5big-ip_domain_name_systemRange14.1.0–14.1.5.3

f5big-ip_domain_name_systemRange15.1.0–15.1.7

f5big-ip_domain_name_systemRange16.1.0–16.1.3.3

f5big-ip_domain_name_systemRange17.0.0–17.0.0.2

f5big-ip_fraud_protection_serviceRange13.1.0–13.1.5

f5big-ip_fraud_protection_serviceRange15.1.0–15.1.7

f5big-ip_fraud_protection_serviceRange16.1.0–16.1.3.3

f5big-ip_fraud_protection_serviceRange17.0.0–17.0.0.2

f5big-ip_link_controllerRange13.1.0–13.1.5

f5big-ip_link_controllerRange14.1.0–14.1.5.3

f5big-ip_link_controllerRange15.1.0–15.1.7

f5big-ip_link_controllerRange16.1.0–16.1.3.3

f5big-ip_link_controllerRange17.0.0–17.0.0.2

f5big-ip_local_traffic_managerRange13.1.0–13.1.5

f5big-ip_local_traffic_managerRange14.1.0–14.1.5.3

f5big-ip_local_traffic_managerRange15.1.0–15.1.7

f5big-ip_local_traffic_managerRange16.1.0–16.1.3.3

f5big-ip_local_traffic_managerRange17.0.0–17.0.0.2

f5big-ip_policy_enforcement_managerRange13.1.0–13.1.5

f5big-ip_policy_enforcement_managerRange14.1.0–14.1.5.3

f5big-ip_policy_enforcement_managerRange15.1.0–15.1.7

f5big-ip_policy_enforcement_managerRange16.1.0–16.1.3.3

f5big-ip_policy_enforcement_managerRange17.0.0–17.0.0.2

f5big-ip_ssl_orchestratorRange13.1.0–13.1.5

f5big-ip_ssl_orchestratorRange14.1.0–14.1.5.3

f5big-ip_ssl_orchestratorRange15.1.0–15.1.8.1

f5big-ip_ssl_orchestratorRange16.1.0–16.1.3.3

f5big-ip_ssl_orchestratorRange17.0.0–17.0.0.2

References

my.f5.com/manage/s/article/K95503300

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

27.2%

JSON

Related for NVD:CVE-2023-22418

f52 nessus1 cve1 prion1 cnvd1 cvelist1