Design/Logic Flaw

2019-11-1521:15:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.6%

JSON

On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data.

CPENameOperatorVersion
big-ip_access_policy_managerge13.1.0
big-ip_access_policy_managerlt13.1.1.5
big-ip_advanced_firewall_managerge13.1.0
big-ip_advanced_firewall_managerlt13.1.1.5
big-ip_analyticsge13.1.0
big-ip_analyticslt13.1.1.5
big-ip_application_acceleration_managerge13.1.0
big-ip_application_acceleration_managerlt13.1.1.5
big-ip_application_security_managerge13.1.0
big-ip_application_security_managerlt13.1.1.5

Name	Operator	Version
big-ip_access_policy_manager	ge	13.1.0
big-ip_access_policy_manager	lt	13.1.1.5
big-ip_advanced_firewall_manager	ge	13.1.0
big-ip_advanced_firewall_manager	lt	13.1.1.5
big-ip_analytics	ge	13.1.0
big-ip_analytics	lt	13.1.1.5
big-ip_application_acceleration_manager	ge	13.1.0
big-ip_application_acceleration_manager	lt	13.1.1.5
big-ip_application_security_manager	ge	13.1.0
big-ip_application_security_manager	lt	13.1.1.5