Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-23032

Summary
Assigner-f5
Assigner Org ID-9dacffd4-cb11-413f-8451-fbbfd4ddc0ab
Published At-25 Jan, 2022 | 19:11
Updated At-03 Aug, 2024 | 03:28
Rejected At-
Credits

In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:f5
Assigner Org ID:9dacffd4-cb11-413f-8451-fbbfd4ddc0ab
Published At:25 Jan, 2022 | 19:11
Updated At:03 Aug, 2024 | 03:28
Rejected At:
▼CVE Numbering Authority (CNA)

In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Products
Vendor
n/a
Product
BIG-IP Edge Client for Mac and Windows
Versions
Affected
  • All versions before 7.2.1.4
Problem Types
TypeCWE IDDescription
CWECWE-346CWE-346: Origin Validation Error
Type: CWE
CWE ID: CWE-346
Description: CWE-346: Origin Validation Error
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.f5.com/csp/article/K30525503
x_refsource_MISC
Hyperlink: https://support.f5.com/csp/article/K30525503
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.f5.com/csp/article/K30525503
x_refsource_MISC
x_transferred
Hyperlink: https://support.f5.com/csp/article/K30525503
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:f5sirt@f5.com
Published At:25 Jan, 2022 | 20:15
Updated At:01 Feb, 2022 | 19:21

In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
F5, Inc.
f5
>>big-ip_access_policy_manager>>Versions from 11.6.1(inclusive) to 11.6.5(inclusive)
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
F5, Inc.
f5
>>big-ip_access_policy_manager>>Versions from 12.1.0(inclusive) to 12.1.6(inclusive)
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
F5, Inc.
f5
>>big-ip_access_policy_manager>>Versions from 13.1.0(inclusive) to 13.1.4(inclusive)
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
F5, Inc.
f5
>>big-ip_access_policy_manager>>Versions from 14.1.0(inclusive) to 14.1.4(inclusive)
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
F5, Inc.
f5
>>big-ip_access_policy_manager>>Versions from 15.1.0(inclusive) to 15.1.5(inclusive)
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
F5, Inc.
f5
>>big-ip_access_policy_manager>>Versions from 16.0.0(inclusive) to 16.1.2(inclusive)
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
F5, Inc.
f5
>>big-ip_access_policy_manager_client>>Versions from 7.1.6(inclusive) to 7.1.9(inclusive)
cpe:2.3:a:f5:big-ip_access_policy_manager_client:*:*:*:*:*:*:*:*
F5, Inc.
f5
>>big-ip_access_policy_manager_client>>Versions from 7.2.1(inclusive) to 7.2.1.3(inclusive)
cpe:2.3:a:f5:big-ip_access_policy_manager_client:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-346Primarynvd@nist.gov
CWE-346Secondaryf5sirt@f5.com
CWE ID: CWE-346
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-346
Type: Secondary
Source: f5sirt@f5.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.f5.com/csp/article/K30525503f5sirt@f5.com
Vendor Advisory
Hyperlink: https://support.f5.com/csp/article/K30525503
Source: f5sirt@f5.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

58Records found
CVE-2023-30996
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.07%
||
7 Day CHG~0.00%
Published-24 Feb, 2024 | 15:35
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Analytics cross-origin resource sharing

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290.

Action-Not Available
Vendor-NetApp, Inc.IBM Corporation
Product-cognos_analyticsoncommand_insightCognos Analyticscognos_analytics
CWE ID-CWE-346
Origin Validation Error
CVE-2025-52621
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 3.45%
||
7 Day CHG~0.00%
Published-15 Aug, 2025 | 22:45
Updated-29 Oct, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning

HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning.  The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_saasBigFix SaaS Remediate
CWE ID-CWE-346
Origin Validation Error
CVE-2014-1487
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 69.26%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 02:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.

Action-Not Available
Vendor-n/aMozilla CorporationCanonical Ltd.SUSEFedora ProjectopenSUSEDebian GNU/LinuxRed Hat, Inc.
Product-suse_linux_enterprise_software_development_kitenterprise_linux_server_tusubuntu_linuxdebian_linuxenterprise_linux_workstationenterprise_linux_eussuse_linux_enterprise_desktopthunderbirdsuse_linux_enterprise_serverfedorafirefoxenterprise_linux_desktopenterprise_linux_serverseamonkeyenterprise_linux_server_eusopensuseenterprise_linux_server_ausn/a
CWE ID-CWE-346
Origin Validation Error
CVE-2019-11723
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.66%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 13:17
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different "containers" for people who use the Firefox Multi-Account Containers Web Extension. This vulnerability affects Firefox < 68.

Action-Not Available
Vendor-openSUSEMozilla Corporation
Product-firefoxleapFirefox
CWE ID-CWE-346
Origin Validation Error
CVE-2018-5157
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.59%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESR
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-346
Origin Validation Error
CVE-2022-45139
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 24.85%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 14:36
Updated-10 Mar, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: Origin validation error through CORS misconfiguration

A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality.

Action-Not Available
Vendor-wagoWAGO
Product-pfc200_firmwaretouch_panel_600_advanced_firmwaretouch_panel_600_marine_firmwaretouch_panel_600_standard751-9301touch_panel_600_advancedtouch_panel_600_standard_firmwarepfc200pfc100_firmware752-8303\/8000-002_firmwarepfc100touch_panel_600_marine752-8303\/8000-002751-9301_firmwareTouch Panel 600 Standard Line (762-4xxx)Edge Controller (752-8303/8000-002)Touch Panel 600 Advanced Line (762-5xxx)PFC200 (750-82xx/xxx-xxx)Compact Controller CC100 (751-9301)PFC100 (750-81xx/xxx-xxx)Touch Panel 600 Marine Line (762-6xxx)
CWE ID-CWE-346
Origin Validation Error
CVE-2022-25146
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.04%
||
7 Day CHG~0.00%
Published-02 Mar, 2022 | 23:28
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message.

Action-Not Available
Vendor-n/aLiferay Inc.
Product-digital_experience_platformliferay_portaln/a
CWE ID-CWE-346
Origin Validation Error
CVE-2022-21712
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.12%
||
7 Day CHG~0.00%
Published-07 Feb, 2022 | 00:00
Updated-23 Apr, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cookie and header exposure in twisted

twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.

Action-Not Available
Vendor-twistedtwistedFedora ProjectDebian GNU/Linux
Product-debian_linuxtwistedfedoratwisted
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-346
Origin Validation Error
  • Previous
  • 1
  • 2
  • Next
Details not found