Vulnerability Details CVE-2016-7467
The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.8%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 3.5
References
Products affected by CVE-2016-7467
-
cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4
-
cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0
-
cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1
-
cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0
-
cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0
-
cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1