Nimbostratus
EmployeeThanks for the question. Was there a URL associated with this error report? Are you using APM? Did you provide the scanner logon credentials so it could authenticate to the admin GUI or APM end-user logon page?
I do see a helper function that's used in the APM end-user logon page, decision box page, and endpoint-inspector status page that might trigger this alert, but it doesn't seem to be used in a way that's exploitable.
Vulnerability reports can be concerning. If you'd like a faster or tracked response on this question, get as many details as you can and please feel free to open a support ticket:
https://my.f5.com/manage/s/article/K2633
NimbostratusYes there is a URL and we're using APM. Scanner has logon credentials. Everything seems to be working as intended. The issue is how to resolve this. Will an update from "BIG-IP v15.1.10.3 (Build 0.0.12)" work. If so, what version?
I have a ticket in with F5, but I haven't heard back from the solution engineer since 5/8. I'll reach out again.
MVPDid you hear something from F5 support?
Without exact details it is going to be difficult to say something here.