CVE-2023-43124 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	ADJACENT_NETWORK	HIGH	NONE	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
f5	CNA	5.3 MEDIUM	ADJACENT_NETWORK	HIGH	NONE	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 24%

Vendor	Product	Version
f5	big-ip_access_policy_manager	14.1.5.2 ≤ 𝑥 ≤ 14.1.5.6
f5	big-ip_access_policy_manager	15.1.8 ≤ 𝑥 ≤ 15.1.10
f5	big-ip_access_policy_manager	16.1.3.3 ≤ 𝑥 ≤ 16.1.4
f5	big-ip_access_policy_manager	13.1.5.1
f5	big-ip_access_policy_manager	17.1.0
f5	big-ip_access_policy_manager_client	7.2.3 ≤ 𝑥 ≤ 7.2.4

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-319 - Cleartext Transmission of Sensitive Information
The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References

https://my.f5.com/manage/s/article/K000136907

https://my.f5.com/manage/s/article/K000136907