CVE-2018-5548

Summary

On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.

Affected Software

VendorProductVersion RangeStatus
F5 Networks, Inc.BIG-IP APM11.6.0-11.6.3affected

Weaknesses

  • XSS

ADP Enrichment

CVE Program Container

Additional References

References