6.5
CVE-2019-6662
- EPSS 0.33%
- Published 15.11.2019 21:15:11
- Last modified 21.11.2024 04:46:54
- Source f5sirt@f5.com
- Teams watchlist Login
- Open Login
On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data.
Data is provided by the National Vulnerability Database (NVD)
F5 ≫ Big-ip Access Policy Manager Version >= 13.1.0 < 13.1.1.5
F5 ≫ Big-ip Advanced Firewall Manager Version >= 13.1.0 < 13.1.1.5
F5 ≫ Big-ip Analytics Version >= 13.1.0 < 13.1.1.5
F5 ≫ Big-ip Application Acceleration Manager Version >= 13.1.0 < 13.1.1.5
F5 ≫ Big-ip Application Security Manager Version >= 13.1.0 < 13.1.1.5
F5 ≫ Big-ip Domain Name System Version >= 13.1.0 < 13.1.1.5
F5 ≫ Big-ip Edge Gateway Version >= 13.1.0 < 13.1.1.5
F5 ≫ Big-ip Fraud Protection Service Version >= 13.1.0 < 13.1.1.5
F5 ≫ Big-ip Global Traffic Manager Version >= 13.1.0 < 13.1.1.5
F5 ≫ Big-ip Link Controller Version >= 13.1.0 < 13.1.1.5
F5 ≫ Big-ip Local Traffic Manager Version >= 13.1.0 < 13.1.1.5
F5 ≫ Big-ip Policy Enforcement Manager Version >= 13.1.0 < 13.1.1.5
F5 ≫ Big-ip Webaccelerator Version >= 13.1.0 < 13.1.1.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.531 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.