Design/Logic Flaw

2019-11-2722:15:00

PRIOn knowledge base

www.prio-n.com

9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.5%

JSON

On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5 iWorkflow will be able to set up the proxy the same way and intercept the traffic.

CPENameOperatorVersion
big-ip_application_security_managerge15.0.0
big-ip_application_security_managerle15.0.1
big-ip_application_security_managerge13.1.0
big-ip_application_security_managerle13.1.3.1
big-ip_application_security_managerge14.0.0
big-ip_application_security_managerle14.0.1
big-ip_application_security_managerge14.1.0
big-ip_application_security_managerle14.1.2
big-iq_centralized_managementge5.2.0
big-iq_centralized_managementle5.4.0

Name	Operator	Version
big-ip_application_security_manager	ge	15.0.0
big-ip_application_security_manager	le	15.0.1
big-ip_application_security_manager	ge	13.1.0
big-ip_application_security_manager	le	13.1.3.1
big-ip_application_security_manager	ge	14.0.0
big-ip_application_security_manager	le	14.0.1
big-ip_application_security_manager	ge	14.1.0
big-ip_application_security_manager	le	14.1.2
big-iq_centralized_management	ge	5.2.0
big-iq_centralized_management	le	5.4.0