CVE-2022-34865

MEDIUM

BIG-IP 13.1.0-13.1.5 - Traffic Intelligence Feed Data Poisoning via Improper Certificate Validation

Title source: llm

Description

In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://support.f5.com/csp/article/K25046752

Scores

CVSS v3 4.8

EPSS 0.0022

EPSS Percentile 44.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-295

Status published

Products (11)

f5/big-ip_access_policy_manager 13.1.0 - 13.1.5

f5/big-ip_advanced_firewall_manager 13.1.0 - 13.1.5

f5/big-ip_analytics 13.1.0 - 13.1.5

f5/big-ip_application_acceleration_manager 13.1.0 - 13.1.5

f5/big-ip_application_security_manager 13.1.0 - 13.1.5

f5/big-ip_domain_name_system 13.1.0 - 13.1.5

f5/big-ip_fraud_protection_service 13.1.0 - 13.1.5

f5/big-ip_global_traffic_manager 13.1.0 - 13.1.5

f5/big-ip_link_controller 13.1.0 - 13.1.5

f5/big-ip_local_traffic_manager 13.1.0 - 13.1.5

... and 1 more

Published Aug 04, 2022

Tracked Since Feb 18, 2026