CVE-2016-7467 Information

Description

The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1 11.6.0 - 11.6.1 HF1 11.5.4 - 11.5.4 HF2 when configured as a SAML Identity Provider with a Service Provider (SP) connector might allow traffic to be disrupted or failover initiated when a malformed signed SAML authentication request from an authenticated user is sent via the SP connector.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

http://www.securityfocus.com/bid/97168 http://www.securitytracker.com/id/1038131 https://support.f5.com/csp/article/K95444512

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.3