CVE-2023-39447

Published Oct 10, 2023

Last updated a year ago

CVSS medium 4.4

Overview

Description: When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Source: f5sirt@f5.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.4
Impact score: 3.6
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

f5sirt@f5.com: CWE-532

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48743FD4-1E72-4550-92D6-F06D6D0AF142",
            "versionEndExcluding": "15.1.8",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206",
            "versionEndExcluding": "16.1.4",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD637AF5-F7D1-428F-955E-16756B7476E0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C36042F8-9B48-4E0D-ABC1-F10BE2A49CB8",
            "versionEndIncluding": "7.7",
            "versionStartIncluding": "7.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63E1215D-2724-4249-B0FD-16C32480A11D"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AED33D2-594D-4057-A7D5-041665AA6E07"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References