exploitDog

CVE-2018-15335

Опубликовано: 28 дек. 2018

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failure response

Ссылки

http://www.securityfocus.com/bid/106355
Third Party Advisory
VDB Entry
https://support.f5.com/csp/article/K27617652
Vendor Advisory
http://www.securityfocus.com/bid/106355
Third Party Advisory
VDB Entry
https://support.f5.com/csp/article/K27617652
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

Версия от 13.0.0 (включая) до 13.1.1 (включая)

EPSS

Процентиль: 66%

0.0051

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-cvpc-h9hw-p85x

CVSS3: 5.9

github

больше 3 лет назад

When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failure response

EPSS

Процентиль: 66%

0.0051

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo