On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the Administrator role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Big-ip_access_policy_manager | F5 | 13.1.0 (including) | 13.1.4 (excluding) |
Big-ip_access_policy_manager | F5 | 14.1.0 (including) | 14.1.4 (excluding) |
Big-ip_access_policy_manager | F5 | 15.1.0 (including) | 15.1.3 (excluding) |
Big-ip_access_policy_manager | F5 | 16.0.0 (including) | 16.0.1.1 (excluding) |
Big-ip_advanced_firewall_manager | F5 | 13.1.0 (including) | 13.1.4 (excluding) |
Big-ip_advanced_firewall_manager | F5 | 14.1.0 (including) | 14.1.4 (excluding) |
Big-ip_advanced_firewall_manager | F5 | 15.1.0 (including) | 15.1.3 (excluding) |
Big-ip_advanced_firewall_manager | F5 | 16.0.0 (including) | 16.0.1.1 (excluding) |
Big-ip_advanced_web_application_firewall | F5 | 13.1.0 (including) | 13.1.4 (excluding) |
Big-ip_advanced_web_application_firewall | F5 | 14.1.0 (including) | 14.1.4 (including) |
Big-ip_advanced_web_application_firewall | F5 | 15.1.0 (including) | 15.1.3 (excluding) |
Big-ip_advanced_web_application_firewall | F5 | 16.0.0 (including) | 16.0.1.1 (excluding) |
Big-ip_analytics | F5 | 13.1.0 (including) | 13.1.4 (excluding) |
Big-ip_analytics | F5 | 14.1.0 (including) | 14.1.4 (excluding) |
Big-ip_analytics | F5 | 15.1.0 (including) | 15.1.3 (excluding) |
Big-ip_analytics | F5 | 16.0.0 (including) | 16.0.1.1 (excluding) |
Big-ip_application_acceleration_manager | F5 | 13.1.0 (including) | 13.1.4 (excluding) |
Big-ip_application_acceleration_manager | F5 | 14.1.0 (including) | 14.1.4 (excluding) |
Big-ip_application_acceleration_manager | F5 | 15.1.0 (including) | 15.1.3 (excluding) |
Big-ip_application_acceleration_manager | F5 | 16.0.0 (including) | 16.0.1.1 (excluding) |
Big-ip_application_security_manager | F5 | 13.1.0 (including) | 13.1.4 (excluding) |
Big-ip_application_security_manager | F5 | 14.1.0 (including) | 14.1.4 (excluding) |
Big-ip_application_security_manager | F5 | 15.1.0 (including) | 15.1.3 (excluding) |
Big-ip_application_security_manager | F5 | 16.0.0 (including) | 16.0.1.1 (excluding) |
Big-ip_ddos_hybrid_defender | F5 | 13.1.0 (including) | 13.1.4 (excluding) |
Big-ip_ddos_hybrid_defender | F5 | 14.1.0 (including) | 14.1.4 (excluding) |
Big-ip_ddos_hybrid_defender | F5 | 15.1.0 (including) | 15.1.3 (excluding) |
Big-ip_ddos_hybrid_defender | F5 | 16.0.0 (including) | 16.0.1.1 (excluding) |
Big-ip_domain_name_system | F5 | 13.1.0 (including) | 13.1.4 (excluding) |
Big-ip_domain_name_system | F5 | 14.1.0 (including) | 14.1.4 (excluding) |
Big-ip_domain_name_system | F5 | 15.1.0 (including) | 15.1.3 (excluding) |
Big-ip_domain_name_system | F5 | 16.0.0 (including) | 16.0.1.1 (excluding) |
Big-ip_fraud_protection_service | F5 | 13.1.0 (including) | 13.1.4 (excluding) |
Big-ip_fraud_protection_service | F5 | 14.1.0 (including) | 14.1.4 (excluding) |
Big-ip_fraud_protection_service | F5 | 15.1.0 (including) | 15.1.3 (excluding) |
Big-ip_fraud_protection_service | F5 | 16.0.0 (including) | 16.0.1.1 (excluding) |
Big-ip_global_traffic_manager | F5 | 13.1.0 (including) | 13.1.4 (excluding) |
Big-ip_global_traffic_manager | F5 | 14.1.0 (including) | 14.1.4 (excluding) |
Big-ip_global_traffic_manager | F5 | 15.1.0 (including) | 15.1.3 (excluding) |
Big-ip_global_traffic_manager | F5 | 16.0.0 (including) | 16.0.1.1 (excluding) |
Big-ip_link_controller | F5 | 13.1.0 (including) | 13.1.4 (excluding) |
Big-ip_link_controller | F5 | 14.1.0 (including) | 14.1.4 (excluding) |
Big-ip_link_controller | F5 | 15.1.0 (including) | 15.1.3 (excluding) |
Big-ip_link_controller | F5 | 16.0.0 (including) | 16.0.1.1 (excluding) |
Big-ip_local_traffic_manager | F5 | 13.1.0 (including) | 13.1.4 (excluding) |
Big-ip_local_traffic_manager | F5 | 14.1.0 (including) | 14.1.4 (excluding) |
Big-ip_local_traffic_manager | F5 | 15.1.0 (including) | 15.1.3 (excluding) |
Big-ip_local_traffic_manager | F5 | 16.0.0 (including) | 16.0.1.1 (excluding) |
Big-ip_policy_enforcement_manager | F5 | 13.1.0 (including) | 13.1.4 (excluding) |
Big-ip_policy_enforcement_manager | F5 | 14.1.0 (including) | 14.1.4 (excluding) |
Big-ip_policy_enforcement_manager | F5 | 15.1.0 (including) | 15.1.3 (excluding) |
Big-ip_policy_enforcement_manager | F5 | 16.0.0 (including) | 16.0.1.1 (excluding) |
Big-ip_ssl_orchestrator | F5 | 13.1.0 (including) | 13.1.4 (excluding) |
Big-ip_ssl_orchestrator | F5 | 14.1.0 (including) | 14.1.4 (excluding) |
Big-ip_ssl_orchestrator | F5 | 15.1.0 (including) | 15.1.3 (excluding) |
Big-ip_ssl_orchestrator | F5 | 16.0.0 (including) | 16.0.1.1 (excluding) |