CVE-2023-39447

When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://my.f5.com/manage/s/article/K47756555	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_guided_configuration::::::::
	cpe:2.3:a:f5:big-ip_guided_configuration:6.0:::::::*
	cpe:2.3:a:f5:big-ip_guided_configuration:8.0:::::::*

History

No history.

Information

Published : 2023-10-10 13:15

Updated : 2023-10-16 18:40

NVD link : CVE-2023-39447

Mitre link : CVE-2023-39447

CVE.ORG link : CVE-2023-39447

JSON object : View

Products Affected

f5

big-ip_guided_configuration
big-ip_access_policy_manager

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2023-39447", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "f5sirt@f5.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2023-10-10T13:15:20.613", "references": [{"url": "https://my.f5.com/manage/s/article/K47756555", "tags": ["Vendor Advisory"], "source": "f5sirt@f5.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "f5sirt@f5.com", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "\nWhen BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log.\u00a0\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n"}, {"lang": "es", "value": "Cuando se configura BIG-IP APM Guided Configurations, es posible que se registre informaci\u00f3n confidencial no divulgada en restnoded log. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan."}], "lastModified": "2023-10-16T18:40:24.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48743FD4-1E72-4550-92D6-F06D6D0AF142", "versionEndExcluding": "15.1.8", "versionStartIncluding": "15.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206", "versionEndExcluding": "16.1.4", "versionStartIncluding": "16.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD637AF5-F7D1-428F-955E-16756B7476E0"}, {"criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C36042F8-9B48-4E0D-ABC1-F10BE2A49CB8", "versionEndIncluding": "7.7", "versionStartIncluding": "7.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63E1215D-2724-4249-B0FD-16C32480A11D"}, {"criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AED33D2-594D-4057-A7D5-041665AA6E07"}], "operator": "OR"}]}], "sourceIdentifier": "f5sirt@f5.com"}