CVE-2016-5021
4.9
Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 / Impact: 3.6
Source: NVD
Description
The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors.
Affected (73)
Products: F5: Big Iq Application Delivery Controller, Big Iq Cloud And Orchestration, Big Ip Application Acceleration Manager, Big Ip Access Policy Manager, Big Ip Local Traffic Manager, Big Ip Global Traffic Manager, Big Iq Security, Big Iq Cloud, Big Ip Application Security Manager, Big Iq Centralized Management, Big Ip Domain Name System, Big Ip Analytics, Big Ip Link Controller, Big Ip Policy Enforcement Manager, Big Iq Device, Big Ip Advanced Firewall Manager
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.5.0 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0.0 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.5.0 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.5.0 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.5.0 |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.5.0 |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.0.0 |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.0.0 |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.5.0 |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.6.0 |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Version 12.0.0 |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.5.0 |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.5.0 |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.5.0 |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.2.0 |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.5.0 |
References (4)
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.