Severity
High
Analysis Summary
CVE-2022-41622
F5 BIG-IP and BIG-IQ is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
Impact
- Gain Access
Indicators Of Compromise
CVE
- CVE-2022-41622
Affected Vendors
F5
Affected Products
- F5 BIG-IP 13.1.0
- F5 BIG-IP 14.1.0
- F5 BIG-IP 15.1.0
- F5 BIG-IQ Centralized Management 7.1.0
- F5 BIG-IQ Centralized Management 8.0.0
- F5 BIG-IP 16.1.0
- F5 BIG-IP 13.1.5
- F5 BIG-IP 17.0.0
- F5 BIG-IP 16.1.3
- F5 BIG-IP 14.1.5
- F5 BIG-IQ Centralized Management 8.2.0
- F5 BIG-IP 15.1.8
Remediation
Refer to F5 Security Advisory for patch, upgrade or suggested workaround information.