CVE-2023-22372 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
f5	CNA	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Vendor	Product	Version
f5	big-ip_access_policy_manager	7.2.2 ≤ 𝑥 < 7.2.4.1
f5	big-ip_access_policy_manager	13.1.0 ≤ 𝑥 ≤ 13.1.5
f5	big-ip_access_policy_manager	14.1.0 ≤ 𝑥 ≤ 14.1.5
f5	big-ip_access_policy_manager	15.1.0 ≤ 𝑥 ≤ 15.1.8
f5	big-ip_access_policy_manager	16.1.0 ≤ 𝑥 ≤ 16.1.3
f5	big-ip_access_policy_manager	17.0.0 ≤ 𝑥 ≤ 17.1.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel
The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

References

https://my.f5.com/manage/s/article/K000132522

https://my.f5.com/manage/s/article/K000132522