On BIG-IP APM 11.6.0-11.6.3, insecure AES ECB mode is used for the orig_uri parameter in an undisclosed /vdesk link of an APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of ciphertext.
[
{
"product": "BIG-IP APM",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "11.6.0-11.6.3"
}
]
}
]