On BIG-IP APM 11.6.0-11.6.3, an undisclosed /vdesk link of an APM virtual server configured with an access profile uses AES in insecure ECB mode for the orig_uri parameter, allowing a malicious user to build a redirect URI value from different blocks of ciphertext.
CPE Name | Operator | Version |
---|---|---|
big-ip_access_policy_manager | ge | 11.6.1 |
big-ip_access_policy_manager | le | 11.6.3 |
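
The weakness class in the description, shown as an added example that is not F5 code: ECB processes each block independently, so blocks from two valid ciphertexts recombine into a third value that still decrypts, and a MAC over the whole ciphertext is what rejects it. The 16-byte Feistel cipher is a standard-library stand-in for AES, and the URIs, keys and function names are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # AES block size; the cipher below is a stand-in, not AES
URI_A = b"https://intranet.example/reports"   # constructed, two 16-byte blocks
URI_B = b"https://helpdesk.example/tickets"   # constructed, two 16-byte blocks

def _f(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _block(key, blk, decrypt):
    # 4-round Feistel network: a keyed permutation on one 16-byte block
    l, r = blk[:8], blk[8:]
    for i in (range(3, -1, -1) if decrypt else range(4)):
        l, r = (_xor(r, _f(key, i, l)), l) if decrypt else (r, _xor(l, _f(key, i, r)))
    return l + r

def ecb(key, data, decrypt=False):
    # ECB: every block is processed alone, so nothing ties a block to its
    # position or to the message it came from
    assert len(data) % BLOCK == 0
    return b"".join(_block(key, data[i:i + BLOCK], decrypt)
                    for i in range(0, len(data), BLOCK))

def splice_demo(key=b"constructed-demo-key"):
    ct_a, ct_b = ecb(key, URI_A), ecb(key, URI_B)
    mixed = ct_a[:BLOCK] + ct_b[BLOCK:]      # block 1 of A, block 2 of B
    return ecb(key, mixed, decrypt=True)     # decrypts cleanly to a value never issued

def seal(ek, mk, data):
    ct = ecb(ek, data)
    return ct + hmac.new(mk, ct, hashlib.sha256).digest()  # tag covers all blocks

def open_sealed(ek, mk, token):
    ct, tag = token[:-32], token[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, ct, hashlib.sha256).digest()):
        return None                          # reject before decrypting anything
    return ecb(ek, ct, decrypt=True)

def sealed_splice_demo(ek=b"constructed-enc-key", mk=b"constructed-mac-key"):
    tok_a, tok_b = seal(ek, mk, URI_A), seal(ek, mk, URI_B)
    forged = tok_a[:BLOCK] + tok_b[BLOCK:]   # same splice, tag taken from B
    return open_sealed(ek, mk, forged), open_sealed(ek, mk, tok_a)

if __name__ == "__main__":
    print(splice_demo())
    print(sealed_splice_demo())
```

In a real deployment the same integrity property comes from an authenticated mode such as AES-GCM rather than from a hand-built construction like this one.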