CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-5548

On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.5%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 5.8

References

http://sbudella.altervista.org/blog/20180911-cve-2018-5548.html
http://www.securityfocus.com/bid/105353
https://support.f5.com/csp/article/K66171422
http://sbudella.altervista.org/blog/20180911-cve-2018-5548.html
http://www.securityfocus.com/bid/105353
https://support.f5.com/csp/article/K66171422

Products affected by CVE-2018-5548

F5 » Big-Ip Access Policy Manager » Version: 11.6.1

cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1
F5 » Big-Ip Access Policy Manager » Version: 11.6.2

cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.2
F5 » Big-Ip Access Policy Manager » Version: 11.6.3

cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-5548

Products

Pricing

Contact Us