In BIG-IP Versions 15.1.x prior to 15.1.6.1, 14.1.x prior to 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
f5 big-ip analytics |
||
f5 big-ip link controller |
||
f5 big-ip local traffic manager |
||
f5 big-ip policy enforcement manager |
||
f5 big-ip global traffic manager |
||
f5 big-ip fraud protection service |
||
f5 big-ip domain name system |
||
f5 big-ip application security manager |
||
f5 big-ip application acceleration manager |
||
f5 big-ip advanced firewall manager |
||
f5 big-ip access policy manager |