Information Disclosure Vulnerability in F5 BIG-IP Products
CVE-2016-5021

4.9MEDIUM

Key Information:

Vendor: F5
Status: Big-iq Application Delivery Controller
Vendor: CVE Published:; 24 June 2016

Summary

The iControl REST service in various versions of F5 BIG-IP products, including LTM, DNS, GTM, and related systems, presents a significant information disclosure vulnerability. This flaw permits remote authenticated administrators to access sensitive information through unspecified vectors. The issue affects numerous product versions, potentially exposing critical data and impacting the confidentiality and integrity of the system. Organizations using affected versions should prioritize patching to mitigate this risk.

References

https://support.f5.com/kb/en-us/solutions/public/k/99/sol...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1036172

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 24, 2016
Vulnerability Reserved
May 24, 2016