In BIG-IP Versions 15.1.x prior to 15.1.6.1, 14.1.x prior to 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
f5 big-ip analytics |
||
f5 big-ip link controller |
||
f5 big-ip local traffic manager |
||
f5 big-ip policy enforcement manager |
||
f5 big-ip global traffic manager |
||
f5 big-ip access policy manager |
||
f5 big-ip advanced firewall manager |
||
f5 big-ip application acceleration manager |
||
f5 big-ip application security manager |
||
f5 big-ip domain name system |
||
f5 big-ip fraud protection service |