CVE-2023-39447

Published: Oct 10, 2023Modified: Nov 21, 2024

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.8 / Impact: 3.6

Source: f5sirt@f5.com (Secondary)

Description

When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected (6)

Products: F5: Big Ip Access Policy Manager, Big Ip Guided Configuration

2 products

Big Ip Access Policy Manager

Big Ip Guided Configuration

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 15.1.0 to 15.1.8
F5 Big Ip Access Policy Manager	From 16.1.0 to 16.1.4
F5 Big Ip Access Policy Manager	Version 17.0.0
F5 Big Ip Guided Configuration	From 7.0 to 7.7
F5 Big Ip Guided Configuration	Version 6.0
F5 Big Ip Guided Configuration	Version 8.0

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://my.f5.com/manage/s/article/K47756555

Source: f5sirt@f5.com

Vendor Advisory

https://my.f5.com/manage/s/article/K47756555

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.