Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2022-35728
PUBLISHED
More InfoOfficial Page
Assigner-f5
Assigner Org ID-9dacffd4-cb11-413f-8451-fbbfd4ddc0ab
View Known Exploited Vulnerability (KEV) details
Published At-04 Aug, 2022 | 17:49
Updated At-16 Sep, 2024 | 16:42
Rejected At-
▼CVE Numbering Authority (CNA)
iControl REST vulnerability CVE-2022-35728

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Products
Vendor
F5, Inc.F5
Product
BIG-IP
Versions
Affected
  • From 13.1.0 before 13.1.x* (custom)
  • From 14.1.x before 14.1.5.1 (custom)
  • From 15.1.x before 15.1.6.1 (custom)
  • From 16.1.x before 16.1.3.1 (custom)
  • From 17.0.x before 17.0.0.1 (custom)
Vendor
F5, Inc.F5
Product
BIG-IQ Centralized Management
Versions
Affected
  • From 8.0.x before 8.2.0 (custom)
  • From 7.0.0 before 7.x* (custom)
Problem Types
TypeCWE IDDescription
CWECWE-613CWE-613 Insufficient Session Expiration
Type: CWE
CWE ID: CWE-613
Description: CWE-613 Insufficient Session Expiration
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
F5 acknowledges BELARCHAOUI Youcef of ELIT / El Djazair Information Technology for bringing this issue to our attention and following the highest standards of coordinated disclosure.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.f5.com/csp/article/K55580033
x_refsource_MISC
Hyperlink: https://support.f5.com/csp/article/K55580033
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.f5.com/csp/article/K55580033
x_refsource_MISC
x_transferred
Hyperlink: https://support.f5.com/csp/article/K55580033
Resource:
x_refsource_MISC
x_transferred
Details not found