5.9

CVE-2023-22372

In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
F5Big-ip Access Policy Manager Version >= 7.2.2 < 7.2.4.1
   ApplemacOS Version-
   MicrosoftWindows Version-
F5Big-ip Access Policy Manager Version >= 13.1.0 <= 13.1.5
   ApplemacOS Version-
   MicrosoftWindows Version-
F5Big-ip Access Policy Manager Version >= 14.1.0 <= 14.1.5
   ApplemacOS Version-
   MicrosoftWindows Version-
F5Big-ip Access Policy Manager Version >= 15.1.0 <= 15.1.8
   ApplemacOS Version-
   MicrosoftWindows Version-
F5Big-ip Access Policy Manager Version >= 16.1.0 <= 16.1.3
   ApplemacOS Version-
   MicrosoftWindows Version-
F5Big-ip Access Policy Manager Version >= 17.0.0 <= 17.1.0
   ApplemacOS Version-
   MicrosoftWindows Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.433
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
f5sirt@f5.com 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel

The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.