CVE-2016-3687F5 Big-ip Edge Gateway vulnerability

3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 40.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
F5 Big-ip Access Policy ManagerF5 Big-ip Edge Gateway
Timeline
PublishedJun 16
Latest updateMay 17

Description

Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the SSO_ORIG_URI parameter.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-f3qw-63vj-v3fm: Open redirect vulnerability in F5 BIG-IP APM 112022-05-17
CVEList
CVE-2016-3687: Open redirect vulnerability in F5 BIG-IP APM 112016-06-16
CVE-2016-3687 — F5 Big-ip Edge Gateway vulnerability | cvebase