← Back

CVE-2018-15334

nvd nist
Published: Dec 28, 2018Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication.

Affected (4)

F5
1 product
Big Ip Access Policy Manager
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Access Policy Manager
From 11.5.1 to 11.6.3
Big Ip Access Policy Manager
From 12.1.0 to 12.1.3
Big Ip Access Policy Manager
From 13.0.0 to 13.1.1
Big Ip Access Policy Manager
From 14.0.0 to 14.1.0

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

Source: f5sirt@f5.com
Third Party AdvisoryVDB Entry
Source: f5sirt@f5.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.