Vulnerability Description
On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization Endpoint set to '/' * An access profile that references the above OAuth profile and is associated with an HTTPS virtual server Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Big-Ip Access Policy Manager | >= 13.1.0, <= 13.1.5 |
Related Weaknesses (CWE)
References
- https://my.f5.com/manage/s/article/K20717585Vendor Advisory
- https://my.f5.com/manage/s/article/K20717585Vendor Advisory
FAQ
What is CVE-2023-22341?
CVE-2023-22341 is a vulnerability with a CVSS score of 7.5 (HIGH). On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkern...
How severe is CVE-2023-22341?
CVE-2023-22341 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-22341?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Access Policy Manager.