CVE-2022-34865

Summary

In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Software

VendorProductVersion RangeStatus
F5BIG-IP13.1.0 < 13.1.x*affected
F5BIG-IP14.1.x < 14.1.5affected
F5BIG-IP15.1.x < 15.1.6.1affected
F5BIG-IP16.1.0 < 16.1.x*unaffected
F5BIG-IP17.0.0 < 17.0.x*unaffected

Weaknesses

  • CWE-295: CWE-295 Improper Certificate Validation

ADP Enrichment

CVE Program Container

Additional References

References