Forum Discussion
RockBD
Altocumulus
AltocumulusHelp needed to understand KB of f5
Hi Yesterday F5 published K56412001: BIG-IP SSL OCSP Authentication profile vulnerability CVE-2023-22323 has been published https://my.f5.com/manage/s/article/K56412001. In the KB F5, mention the f...
RadekRAltocumulus
AltocumulusiHealth is free but requires registration.
Quick video overview of iHealth:
https://www.youtube.com/watch?v=UFg7_3-HL5A
Vulnerabilietes can be found in diagnostic tab.
RockBDAltocumulus
AltocumulusThanks for the reply.
Thanks for the information on iHealth.
You told me that 15.1.2.1-0.x.x is within the vulnerable range. How may I know, according to K56412001: BIG-IP SSL OCSP Authentication profile vulnerability CVE-2023-22323 has been published https://my.f5.com/manage/s/article/K56412001.
Amine_KadimiMVP
Because in this case you consider your release to be 15.1.2 which is within the vulnerable range. Quoting from https://my.f5.com/manage/s/article/K51812227:
Versions known to be vulnerable: The range of product versions within each branch that are confirmed by F5 Product Development as vulnerable. Point releases and hotfixes are not listed in this column, unless a vulnerability is specifically introduced in a given point release or hotfix. Vulnerable versions include all point releases or hotfixes for a given software version. For example, if 13.1.0 is listed as vulnerable, then 13.1.0.1 and 13.1.0.2 are also considered vulnerable if neither of those point releases are listed in the Fixes introduced in column.
- RockBD
Your mentioned URL https://my.f5.com/manage/s/article/K51812227 don't have 15.1.2. Maybe you pasted the wrong URL.
But in the case of the URL https://my.f5.com/manage/s/article/K56412001, is BIGIP-15.1.2.1-0.0.10 vulnerable?
- Amine_Kadimi
If you read the kb you mentioned entirely there's a link to the other kb which just explain how versioning works for security alerts