CVE-2023-39447

CWE-532 — Log File Information Exposure4 documents4 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 64.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip F5 Big-ip Access Policy Manager F5 Big-ip Guided Configuration

Timeline

PublishedOct 10

Description

When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages3 packages

▶NVDf5/big-ip_guided_configuration7.0 — 7.7+2

▶CVEListV5f5/big-ip16.1.0 — 16.1.4+2

▶NVDf5/big-ip_access_policy_manager15.1.0 — 15.1.8+2

🔴Vulnerability Details

GHSA

GHSA-3rjx-wj56-x9pm: When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log↗2023-10-10

▶

CVEList

BIG-IP APM Guided Configuration vulnerability↗2023-10-10

▶

📋Vendor Advisories

CVE-2023-39447: When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log↗2023-10-10

▶