CVE-2023-22341

On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization Endpoint set to '/' * An access profile that references the above OAuth profile and is associated with an HTTPS virtual server Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
Link Resource
https://my.f5.com/manage/s/article/K20717585 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

Information

Published : 2023-02-01 06:15

Updated : 2023-02-09 05:09


NVD link : CVE-2023-22341

Mitre link : CVE-2023-22341

Products Affected

F5

CWE