CVE Vulnerabilities

CVE-2023-22372

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Published: May 03, 2023 | Modified: May 10, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Weakness

The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

Affected Software

Name Vendor Start Version End Version
Big-ip_access_policy_manager F5 7.2.2 *
Big-ip_access_policy_manager F5 13.1.0 13.1.5
Big-ip_access_policy_manager F5 14.1.0 14.1.5
Big-ip_access_policy_manager F5 15.1.0 15.1.8
Big-ip_access_policy_manager F5 16.1.0 16.1.3
Big-ip_access_policy_manager F5 17.0.0 17.1.0

References