Open Redirect Vulnerability in F5 BIG-IP APM and Edge Gateway
CVE-2016-3687
5.3 MEDIUM
Summary
An open redirect vulnerability exists in F5 BIG-IP APM and Edge Gateway, affecting versions prior to the update in 11.6.0 HF6. The issue arises during the multi-domain single sign-on (SSO) process: a remote attacker can supply a base64-encoded URL in the SSO_ORIG_URI parameter and redirect unsuspecting users to an arbitrary website. This creates a significant risk of phishing attacks and other malicious activity.
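For log review, the check below decodes each SSO_ORIG_URI value and flags redirect targets outside the SSO domains. It is an added example, not F5 code; the allowlist, the request path and the sample requests are constructed assumptions.

```python
import base64
import binascii
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts that legitimately take part in the multi-domain SSO setup.
ALLOWED_HOSTS = {"portal.example.com", "apps.example.net"}
PRIORITY = ["allowed", "undecodable", "external"]  # later entries win

def decode_param(value):
    """Decode a base64 SSO_ORIG_URI value; return None if it is not valid."""
    # Undo '+' -> ' ' from query parsing and accept the URL-safe alphabet.
    value = value.replace(" ", "+").replace("-", "+").replace("_", "/")
    value = value.rstrip("=")
    value += "=" * (-len(value) % 4)
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None

def check_value(raw):
    """Classify one parameter value as allowed, undecodable or external."""
    url = decode_param(raw)
    if url is None:
        return "undecodable"
    try:
        # Browsers treat '\' like '/', so normalise before parsing.
        parts = urlsplit(url.strip().replace("\\", "/"))
    except ValueError:
        return "external"  # unparseable target: treat as suspicious
    if parts.scheme not in ("", "http", "https"):
        return "external"
    host = parts.hostname or ""  # empty host means a same-site relative path
    return "external" if host and host not in ALLOWED_HOSTS else "allowed"

def classify(request_target):
    """Return 'absent' or the most severe verdict over all SSO_ORIG_URI values."""
    values = parse_qs(urlsplit(request_target).query).get("SSO_ORIG_URI", [])
    if not values:
        return "absent"
    return max((check_value(v) for v in values), key=PRIORITY.index)

def _enc(url):  # builds the constructed sample values
    return base64.b64encode(url.encode()).decode()

SAMPLE_TARGETS = [  # constructed; the path is a placeholder, not a real APM URI
    "/sso-placeholder?SSO_ORIG_URI=" + _enc("https://portal.example.com/app"),
    "/sso-placeholder?SSO_ORIG_URI=" + _enc("https://other.example.org/"),
    "/sso-placeholder?SSO_ORIG_URI=" + _enc("//other.example.org/path"),
    "/sso-placeholder?SSO_ORIG_URI=!!!not-base64",
    "/index.html",
]
```

Requests classified as external or undecodable are the ones to review.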
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved