Description
The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html
Scores
EPSS
0.0038
EPSS Percentile
59.3%
Details
CWE
CWE-17
CWE-310
Status
published
Products (7)
f5/big-iq_adc
4.5.0
f5/big-iq_cloud
4.4.0
f5/big-iq_cloud
4.5.0
f5/big-iq_device
4.4.0
f5/big-iq_device
4.5.0
f5/big-iq_security
4.4.0
f5/big-iq_security
4.5.0
Published
Jul 16, 2015
Tracked Since
Feb 18, 2026