← Back

CVE-2016-3686

nvd nist
Published: Apr 13, 2016Modified: May 6, 2026

JSON object

Loading...
5.9
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect.

Affected (18)

F5
2 products
Big Ip Edge Gateway
Big Ip Access Policy Manager
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Edge Gateway
Version 11.0.0
Big Ip Edge Gateway
Version 11.1.0
Big Ip Edge Gateway
Version 11.2.0
Big Ip Edge Gateway
Version 11.2.1
Big Ip Edge Gateway
Version 11.3.0
Configuration B
13 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Access Policy Manager
Version 11.0.0
Big Ip Access Policy Manager
Version 11.1.0
Big Ip Access Policy Manager
Version 11.2.0
Big Ip Access Policy Manager
Version 11.2.1
Big Ip Access Policy Manager
Version 11.3.0
Big Ip Access Policy Manager
Version 11.4.0
Big Ip Access Policy Manager
Version 11.4.1
Big Ip Access Policy Manager
Version 11.5.0
Big Ip Access Policy Manager
Version 11.5.1
Big Ip Access Policy Manager
Version 11.5.2
Big Ip Access Policy Manager
Version 11.5.3
Big Ip Access Policy Manager
Version 11.5.4
Big Ip Access Policy Manager
Version 11.6.0

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.