For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

bc81987's avatar
bc81987
Icon for Nimbostratus rankNimbostratus
May 15, 2024

CWE-20: Improper Input Validation

Good afternoon,   We've recently had a burp suite scan done on our F5 pair. This was the result: The application may be vulnerable to DOM-based DOM data manipulation. Data is read from window.loc...
security
Lucas_Thompson's avatar
Lucas_Thompson
Icon for Employee rankEmployee
May 15, 2024

Thanks for the question. Was there a URL associated with this error report? Are you using APM? Did you provide the scanner logon credentials so it could authenticate to the admin GUI or APM end-user logon page?

I do see a helper function that's used in the APM end-user logon page, decision box page, and endpoint-inspector status page that might trigger this alert, but it doesn't seem to be used in a way that's exploitable.

 

Vulnerability reports can be concerning. If you'd like a faster or tracked response on this question, get as many details as you can and please feel free to open a support ticket:
https://my.f5.com/manage/s/article/K2633