CVE-2019-19150

CWE-532 — Log File Information Exposure4 documents4 sources

Severity

4.9MEDIUM

EPSS

0.3%

top 48.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip APM

Timeline

PublishedDec 23

Latest updateMay 24

Description

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDf5/big-ip_access_policy_manager13.1.0 — 13.1.3.2+5

▶CVEListV5f5/big-ip_apm6 versions+5

🔴Vulnerability Details

GHSA

GHSA-fjcp-54hj-7m4w: On versions 15↗2022-05-24

▶

CVEList

CVE-2019-19150: On versions 15↗2019-12-23

▶

📋Vendor Advisories

CVE-2019-19150: On versions 15↗2019-12-23

▶