CVE-2016-3687

Published: Jun 16, 2016Modified: May 6, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the SSO_ORIG_URI parameter.

Affected (10)

Products: F5: Big Ip Access Policy Manager, Big Ip Edge Gateway

2 products

Big Ip Access Policy Manager

Big Ip Edge Gateway

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	Version 11.2.1
F5 Big Ip Access Policy Manager	Version 11.4.0
F5 Big Ip Access Policy Manager	Version 11.4.1
F5 Big Ip Access Policy Manager	Version 11.5.0
F5 Big Ip Access Policy Manager	Version 11.5.1
F5 Big Ip Access Policy Manager	Version 11.5.2
F5 Big Ip Access Policy Manager	Version 11.5.3
F5 Big Ip Access Policy Manager	Version 11.5.4
F5 Big Ip Access Policy Manager	Version 11.6.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Edge Gateway	Version 11.2.1

References (4)

http://www.securitytracker.com/id/1036111

Source: cve@mitre.org

https://support.f5.com/kb/en-us/solutions/public/k/26/sol26738102.html

Source: cve@mitre.org

Vendor Advisory

http://www.securitytracker.com/id/1036111

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.f5.com/kb/en-us/solutions/public/k/26/sol26738102.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.