CVE-2016-3687

5.3MEDIUM

Key Information:

Vendor: F5
Status: Big-ip Access Policy Manager
Vendor: CVE Published:; 16 June 2016

Summary

Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the SSO_ORIG_URI parameter.

References

https://support.f5.com/kb/en-us/solutions/public/k/26/sol...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1036111

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 16, 2016
Vulnerability Reserved
Mar 29, 2016