CVE-2016-7467 — Improper Input Validation in Networks F5 Big-ip APM

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

1.6%

top 18.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Networks F5 Big-ip APM F5 Big-ip Access Policy Manager F5 Big-ip APM

Timeline

PublishedApr 11

Latest updateMay 17

Description

The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages3 packages

▶f5f5/big-ip_apm

▶CVEListV5f5_networks/f5_big-ip_apm12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2

▶NVDf5/big-ip_access_policy_manager6 versions+5

🔴Vulnerability Details

GHSA

GHSA-gxpj-cpjp-q8f2: The TMM SSO plugin in F5 BIG-IP APM 12↗2022-05-17

▶

📋Vendor Advisories

CVE-2016-7467: The TMM SSO plugin in F5 BIG-IP APM 12↗2017-04-11

▶