CVE-2016-3687
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/06/2016
Last modified:
12/04/2025
Description
Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the SSO_ORIG_URI parameter.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:f5:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page