Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-22418

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published

2023-02-01T18:15:11.450

Last Modified

2024-11-21T07:44:46.827

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-601
  • Type: Primary
    CWE-601
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application f5 big-ip_access_policy_manager ≤ 13.1.5 Yes
Application f5 big-ip_access_policy_manager < 14.1.5.3 Yes
Application f5 big-ip_access_policy_manager < 15.1.7 Yes
Application f5 big-ip_access_policy_manager < 16.1.3.3 Yes
Application f5 big-ip_access_policy_manager < 17.0.0.2 Yes
Application f5 big-ip_advanced_firewall_manager ≤ 13.1.5 Yes
Application f5 big-ip_advanced_firewall_manager < 14.1.5.3 Yes
Application f5 big-ip_advanced_firewall_manager < 15.1.7 Yes
Application f5 big-ip_advanced_firewall_manager < 16.1.3.3 Yes
Application f5 big-ip_advanced_firewall_manager < 17.0.0.2 Yes
Application f5 big-ip_analytics ≤ 13.1.5 Yes
Application f5 big-ip_analytics < 14.1.5.3 Yes
Application f5 big-ip_analytics < 15.1.7 Yes
Application f5 big-ip_analytics < 16.1.3.3 Yes
Application f5 big-ip_analytics < 17.0.0.2 Yes
Application f5 big-ip_application_acceleration_manager ≤ 13.1.5 Yes
Application f5 big-ip_application_acceleration_manager < 15.1.7 Yes
Application f5 big-ip_application_acceleration_manager < 16.1.3.3 Yes
Application f5 big-ip_application_acceleration_manager < 17.0.0.2 Yes
Application f5 big-ip_application_security_manager ≤ 13.1.5 Yes
Application f5 big-ip_application_security_manager < 14.1.5.3 Yes
Application f5 big-ip_application_security_manager < 15.1.7 Yes
Application f5 big-ip_application_security_manager < 16.1.3.3 Yes
Application f5 big-ip_application_security_manager < 17.0.0.2 Yes
Application f5 big-ip_ddos_hybrid_defender ≤ 13.1.5 Yes
Application f5 big-ip_ddos_hybrid_defender < 14.1.5.3 Yes
Application f5 big-ip_ddos_hybrid_defender < 15.1.7 Yes
Application f5 big-ip_ddos_hybrid_defender < 16.1.3.3 Yes
Application f5 big-ip_domain_name_system < 14.1.5.3 Yes
Application f5 big-ip_domain_name_system < 15.1.7 Yes
Application f5 big-ip_domain_name_system < 16.1.3.3 Yes
Application f5 big-ip_domain_name_system < 17.0.0.2 Yes
Application f5 big-ip_fraud_protection_service ≤ 13.1.5 Yes
Application f5 big-ip_fraud_protection_service < 15.1.7 Yes
Application f5 big-ip_fraud_protection_service < 16.1.3.3 Yes
Application f5 big-ip_fraud_protection_service < 17.0.0.2 Yes
Application f5 big-ip_link_controller ≤ 13.1.5 Yes
Application f5 big-ip_link_controller < 14.1.5.3 Yes
Application f5 big-ip_link_controller < 15.1.7 Yes
Application f5 big-ip_link_controller < 16.1.3.3 Yes
Application f5 big-ip_link_controller < 17.0.0.2 Yes
Application f5 big-ip_local_traffic_manager ≤ 13.1.5 Yes
Application f5 big-ip_local_traffic_manager < 14.1.5.3 Yes
Application f5 big-ip_local_traffic_manager < 15.1.7 Yes
Application f5 big-ip_local_traffic_manager < 16.1.3.3 Yes
Application f5 big-ip_local_traffic_manager < 17.0.0.2 Yes
Application f5 big-ip_policy_enforcement_manager ≤ 13.1.5 Yes
Application f5 big-ip_policy_enforcement_manager < 14.1.5.3 Yes
Application f5 big-ip_policy_enforcement_manager < 15.1.7 Yes
Application f5 big-ip_policy_enforcement_manager < 16.1.3.3 Yes
Application f5 big-ip_policy_enforcement_manager < 17.0.0.2 Yes
Application f5 big-ip_ssl_orchestrator ≤ 13.1.5 Yes
Application f5 big-ip_ssl_orchestrator < 14.1.5.3 Yes
Application f5 big-ip_ssl_orchestrator < 15.1.8.1 Yes
Application f5 big-ip_ssl_orchestrator < 16.1.3.3 Yes
Application f5 big-ip_ssl_orchestrator < 17.0.0.2 Yes
References