What is CVE-2016-1497?

CVE-2016-1497 is a medium-severity vulnerability in F5 Big-ip_access_policy_manager, classified under Information Disclosure. CVSS score: 4.9/10. Published 2016-08-26.

How severe is CVE-2016-1497?

Medium severity. CVSS v3 base score is 4.9 out of 10.

Information disclosure in F5 Big-ip_access_policy_manager

CVE-2016-1497

The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4 HF2, 1.6.x before 11.6.1, and 12.0.0 before HF1 allows remote administrators to read Access P…

Vulnerability class: Information Disclosure

EPSS: 0.002 (46.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.

Affected products

F5 Big-ip_access_policy_manager — versions 11.0.0, 11.1.0, 11.2.0
F5 Big-ip_advanced_firewall_manager — versions 11.2.1, 11.3.0, 11.4.0
F5 Big-ip_analytics — versions 11.0.0, 11.1.0, 11.2.0
F5 Big-ip_application_acceleration_manager — versions 11.4.0, 11.4.1, 11.5.0
F5 Big-ip_application_security_manager — versions 11.0.0, 11.1.0, 11.2.0
F5 Big-ip_domain_name_system — versions 12.0.0
F5 Big-ip_edge_gateway — versions 11.0.0, 11.1.0, 11.2.0
F5 Big-ip_global_traffic_manager — versions 11.0.0, 11.1.0, 11.2.0
F5 Big-ip_link_controller — versions 11.0.0, 11.1.0, 11.2.0
F5 Big-ip_local_traffic_manager — versions 11.0.0, 11.1.0, 11.2.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
92671 (vdb-entry, x_refsource_BID)
1036631 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2016-1497?: CVE-2016-1497 is a medium-severity vulnerability in F5 Big-ip_access_policy_manager, classified under Information Disclosure. CVSS score: 4.9/10. Published 2016-08-26.
How severe is CVE-2016-1497?: Medium severity. CVSS v3 base score is 4.9 out of 10.