On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data.
Weakness
The product writes sensitive information to a log file.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Big-ip_access_policy_manager | F5 | 13.1.0 (including) | 13.1.1.5 (excluding) |
| Big-ip_advanced_firewall_manager | F5 | 13.1.0 (including) | 13.1.1.5 (excluding) |
| Big-ip_analytics | F5 | 13.1.0 (including) | 13.1.1.5 (excluding) |
| Big-ip_application_acceleration_manager | F5 | 13.1.0 (including) | 13.1.1.5 (excluding) |
| Big-ip_application_security_manager | F5 | 13.1.0 (including) | 13.1.1.5 (excluding) |
| Big-ip_domain_name_system | F5 | 13.1.0 (including) | 13.1.1.5 (excluding) |
| Big-ip_edge_gateway | F5 | 13.1.0 (including) | 13.1.1.5 (excluding) |
| Big-ip_fraud_protection_service | F5 | 13.1.0 (including) | 13.1.1.5 (excluding) |
| Big-ip_global_traffic_manager | F5 | 13.1.0 (including) | 13.1.1.5 (excluding) |
| Big-ip_link_controller | F5 | 13.1.0 (including) | 13.1.1.5 (excluding) |
| Big-ip_local_traffic_manager | F5 | 13.1.0 (including) | 13.1.1.5 (excluding) |
| Big-ip_policy_enforcement_manager | F5 | 13.1.0 (including) | 13.1.1.5 (excluding) |
| Big-ip_webaccelerator | F5 | 13.1.0 (including) | 13.1.1.5 (excluding) |