CVE-2019-6662 — Log File Information Exposure in F5 Big-ip Access Policy Manager

CWE-532 — Log File Information Exposure4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 45.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +10 more

Timeline

PublishedNov 15

Latest updateMay 24

Description

On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages14 packages

▶NVDf5/big-ip_access_policy_manager13.1.0 — 13.1.1.5

▶NVDf5/big-ip_local_traffic_manager13.1.0 — 13.1.1.5

▶CVEListV5f5/big-ip_access_policy_manager13.1.0-13.1.1.4

▶NVDf5/big-ip_analytics13.1.0 — 13.1.1.5

▶NVDf5/big-ip_edge_gateway13.1.0 — 13.1.1.5

🔴Vulnerability Details

GHSA

GHSA-j243-5phh-5j8m: On BIG-IP 13↗2022-05-24

▶

CVEList

CVE-2019-6662: On BIG-IP 13↗2019-11-15

▶

📋Vendor Advisories

CVE-2019-6662: On BIG-IP 13↗2019-11-15

▶