CVE-2015-4637

Currently unrated

Key Information:

Vendor: F5
Status: Big-iq Security; Big-iq Device; Big-iq Cloud; Big-iq Adc
Vendor: CVE Published:; 16 July 2015

Summary

The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name.

References

https://support.f5.com/kb/en-us/solutions/public/16000/80...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 16, 2015
Vulnerability Reserved
Jun 16, 2015