Improper input validation in F5 Big-ip_access_policy_manager
CVE-2022-27634
On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege esc…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.013 (65.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N.
Affected products
- F5 Big-ip_access_policy_manager
- F5 Big-ip Apm — versions 14.1.x, 13.1.x, 12.1.x
Weakness classification (CWE)
References
- f5sirt@f5.com (x_refsource_MISC, Mitigation, Vendor Advisory)
Frequently asked questions
- What is CVE-2022-27634?
- CVE-2022-27634 is a medium-severity vulnerability in F5 Big-ip_access_policy_manager, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2022-05-05.
- How severe is CVE-2022-27634?
- Medium severity. CVSS v3 base score is 6.5 out of 10.