CVE-2018-15335

When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failure response
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
f5CNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
f5big-ip_access_policy_manager
13.0.0 ≤
𝑥
≤ 13.1.1
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/106355
https://support.f5.com/csp/article/K27617652
http://www.securityfocus.com/bid/106355
https://support.f5.com/csp/article/K27617652