Lucene search

[email protected]NVD:CVE-2023-22341

HistoryFeb 01, 2023 - 6:15 p.m.

CVE-2023-22341

2023-02-0118:15:11

CWE-476

[email protected]

web.nvd.nist.gov

big-ip apm

traffic management microkernel

oauth server

oauth profile

https virtual server

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

39.0%

JSON

On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate:

An OAuth Server that references an OAuth Provider
An OAuth profile with the Authorization Endpoint set to ‘/’
An access profile that references the above OAuth profile and is associated with an HTTPS virtual server

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected configurations

Nvd

Node

f5big-ip_access_policy_managerRange13.1.0–13.1.5

f5big-ip_access_policy_managerRange14.1.0–14.1.5.3

VendorProductVersionCPE
f5big-ip_access_policy_manager*cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-ip_access_policy_manager	*	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::

References

my.f5.com/manage/s/article/K20717585

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

39.0%

JSON

Related for NVD:CVE-2023-22341

nessus1 cnvd1 prion1 cve1 cvelist1 f52