Code injection

2018-04-1313:29:00

PRIOn knowledge base

www.prio-n.com

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%

JSON

X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server’s identity is not properly validated in F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.2, or 11.5.0-11.5.5.

CPENameOperatorVersion
big-ip_advanced_firewall_managerge12.1.0
big-ip_advanced_firewall_managerle12.1.2
big-ip_advanced_firewall_managerge11.6.1
big-ip_advanced_firewall_managerle11.6.2
big-ip_advanced_firewall_managerge11.5.1
big-ip_advanced_firewall_managerle11.5.5
big-ip_application_security_managerge11.6.1
big-ip_application_security_managerle11.6.2
big-ip_application_security_managerge11.5.1
big-ip_application_security_managerle11.5.5

Name	Operator	Version
big-ip_advanced_firewall_manager	ge	12.1.0
big-ip_advanced_firewall_manager	le	12.1.2
big-ip_advanced_firewall_manager	ge	11.6.1
big-ip_advanced_firewall_manager	le	11.6.2
big-ip_advanced_firewall_manager	ge	11.5.1
big-ip_advanced_firewall_manager	le	11.5.5
big-ip_application_security_manager	ge	11.6.1
big-ip_application_security_manager	le	11.6.2
big-ip_application_security_manager	ge	11.5.1
big-ip_application_security_manager	le	11.5.5

Rows per page:

1-10 of 121

References

support.f5.com/csp/article/K11464209