Open Redirect Vulnerability in F5 BIG-IP APM and Edge Gateway
CVE-2016-3687

5.3MEDIUM

Key Information:

Vendor
F5
Status
Big-ip Access Policy Manager
Vendor
CVE Published:
16 June 2016

Summary

An open redirect vulnerability exists in F5 BIG-IP APM and Edge Gateway, specifically impacting versions prior to the update in 11.6.0 HF6. This issue arises during the multi-domain single sign-on (SSO) process, permitting remote attackers to exploit the SSO_ORIG_URI parameter with a base64-encoded URL. By doing so, they can redirect unsuspecting users to arbitrary websites, presenting significant risks for phishing attacks and other malicious activities.

References

https://support.f5.com/kb/en-us/solutions/public/k/26/sol...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1036111
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.