CVE-2018-15334 — Cross-Site Request Forgery in F5 Big-ip Access Policy Manager

CWE-352 — Cross-Site Request Forgery4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 48.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Networks INC Big-ip

Timeline

PublishedDec 28

Latest updateMay 14

Description

A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDf5/big-ip_access_policy_manager11.5.1 — 11.6.3+3

▶CVEListV5f5_networks_inc/big-ipAll versions 11.2.1+

🔴Vulnerability Details

GHSA

GHSA-f3m5-h3mx-mqf3: A cross-site request forgery (CSRF) vulnerability in the APM webtop 11↗2022-05-14

▶

CVEList

CVE-2018-15334: A cross-site request forgery (CSRF) vulnerability in the APM webtop 11↗2018-12-28

▶

📋Vendor Advisories

CVE-2018-15334: A cross-site request forgery (CSRF) vulnerability in the APM webtop 11↗2018-12-28

▶