CVE-2018-15335

Name of the Vulnerable Software and Affected Versions BIG-IP APM versions 13.0.0 through 13.1.x

Description The issue occurs when BIG-IP APM is deployed as an OAuth Resource Server and loses communication with an external OAuth authorization server. In such cases, APM may not display the intended message in the failure response.

Recommendations For versions 13.0.0 through 13.1.x, consider temporarily restricting access to the OAuth Resource Server functionality until a patch is available. As a mitigation measure, review and adjust the configuration settings related to communication with the external OAuth authorization server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.