CVE-2019-6656

Published: Sep 25, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix.

Affected (7)

Products: F5: Big Ip Access Policy Manager, Big Ip Access Policy Manager Client

2 products

Big Ip Access Policy Manager

Big Ip Access Policy Manager Client

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 11.5.2 to 11.6.5
F5 Big Ip Access Policy Manager	From 12.1.0 to 12.1.5
F5 Big Ip Access Policy Manager	From 13.1.0 to 13.1.3
F5 Big Ip Access Policy Manager	From 14.0.0 to 14.0.0.5
F5 Big Ip Access Policy Manager	From 14.1.0 to 14.1.2
F5 Big Ip Access Policy Manager	From 15.0.0 to 15.0.1
F5 Big Ip Access Policy Manager Client	From 7.1.5 to 7.1.8

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (4)

https://support.f5.com/csp/article/K23876153

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K23876153?utm_source=f5support&amp%3Butm_medium=RSS

Source: f5sirt@f5.com

https://support.f5.com/csp/article/K23876153

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.f5.com/csp/article/K23876153?utm_source=f5support&amp%3Butm_medium=RSS

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.