Code injection

2023-10-1013:15:00

PRIOn knowledge base

www.prio-n.com

big-ip apm

code injection

sensitive information

restnoded log

vulnerability

nvd

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CPENameOperatorVersion
big-ip_access_policy_managereq17.0.0
big-ip_access_policy_managerge15.1.0
big-ip_access_policy_managerlt15.1.8
big-ip_access_policy_managerge16.1.0
big-ip_access_policy_managerlt16.1.4
big-ip_guided_configurationeq8.0
big-ip_guided_configurationeq6.0
big-ip_guided_configurationge7.0
big-ip_guided_configurationle7.7

Name	Operator	Version
big-ip_access_policy_manager	eq	17.0.0
big-ip_access_policy_manager	ge	15.1.0
big-ip_access_policy_manager	lt	15.1.8
big-ip_access_policy_manager	ge	16.1.0
big-ip_access_policy_manager	lt	16.1.4
big-ip_guided_configuration	eq	8.0
big-ip_guided_configuration	eq	6.0
big-ip_guided_configuration	ge	7.0
big-ip_guided_configuration	le	7.7

References

my.f5.com/manage/s/article/K47756555