Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Big-ip_access_policy_manager | F5 | 13.1.0 (including) | 13.1.5 (including) |
Big-ip_access_policy_manager | F5 | 14.1.0 (including) | 14.1.5 (including) |
Big-ip_access_policy_manager | F5 | 15.1.0 (including) | 15.1.10 (including) |
Big-ip_access_policy_manager | F5 | 16.1.0 (including) | 16.1.4 (including) |
Big-ip_access_policy_manager | F5 | 17.1.0 (including) | 17.1.1 (including) |