CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 7.7 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score: 7.5 High (Confidence: High)
EPSS: 0.002 Low (Percentile: 65.0%)

Versions of the package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. (CVE-2022-25647)
Impact
Traffic is disrupted for new client connections. This vulnerability allows a remote, authenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system specific to the iAppsLX service, and the BIG-IQ system specific to the iControl REST framework. There is no data plane exposure; this is a control plane issue only.
CPE
Name | Operator | Version |
---|---|---|
big-ip next spk | eq | 1.5.0 |
big-ip aam | eq | 13.1.0 |
big-ip aam | eq | 13.1.1 |
big-ip aam | eq | 13.1.3 |
big-ip aam | eq | 13.1.4 |
big-ip aam | eq | 13.1.5 |
big-ip aam | eq | 14.1.0 |
big-ip aam | eq | 14.1.2 |
big-ip aam | eq | 14.1.3 |
big-ip aam | eq | 14.1.4 |