Home
MEDIUM: 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NMEDIUM: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:NDefault status
unknown
21.1.0 (custom) before *
unaffected
21.0.0 (custom) before 21.0.0.1
affected
17.5.0 (custom) before 17.5.1.4
affected
17.1.0 (custom) before 17.1.3.1
affected
16.1.0 (custom) before *
affected
Default status
unknown
8.4.0 (custom) before 8.4.1
affected
Description
Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Problem types
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Product status
21.1.0 (custom) before *
21.0.0 (custom) before 21.0.0.1
17.5.0 (custom) before 17.5.1.4
17.1.0 (custom) before 17.1.3.1
16.1.0 (custom) before *
8.4.0 (custom) before 8.4.1
Credits
F5
References
my.f5.com/manage/s/article/K32950402