Open Redirect Vulnerability in F5 BIG-IP APM and Edge Gateway
CVE-2016-3687

5.3MEDIUM

Key Information:

Vendor: F5
Status: Big-ip Access Policy Manager
Vendor: CVE Published:; 16 June 2016

What is CVE-2016-3687?

An open redirect vulnerability exists in F5 BIG-IP APM and Edge Gateway, specifically impacting versions prior to the update in 11.6.0 HF6. This issue arises during the multi-domain single sign-on (SSO) process, permitting remote attackers to exploit the SSO_ORIG_URI parameter with a base64-encoded URL. By doing so, they can redirect unsuspecting users to arbitrary websites, presenting significant risks for phishing attacks and other malicious activities.

References

https://support.f5.com/kb/en-us/solutions/public/k/26/sol...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1036111

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2016
Vulnerability Reserved
Mar 29, 2016