We got the below result from a penetration test on an F5 unit.
Issue: Insufficient Resource Validation. It is observed that we are able to inject "<" and ">" to the id_res parameter.
Resolution: It is advised to do data sanitization for characters "<" and ">".
Please note: our client is only using the APM module.
Please advise us to mitigate this vulnerability.
Potential security issues like this are best handled directly by our official support teams.
I'm told the best thing to do is follow the instructions on this Knowledge Article on Support related to reporting suspected vulnerabilities.
https://support.f5.com/csp/article/K4602 - Reporting Suspected Vulnerabilities
F5 welcomes any reports of suspected vulnerabilities or other security concerns with F5 products.
If you are an F5 customer with an active support contract, please contact F5 Support.
If you are not an F5 customer, please send an email to firstname.lastname@example.org. An engineer will contact you and will work with you to gather the necessary details to determine an appropriate course of action.
To send an encrypted message to F5, use this F5 Security Incident Response Team (SIRT) public PGP key, which is also available on multiple public key servers.
Let me know if you are able to get the support you need that way.
Thanks for being part of our community!