CVE-2019-6656

Name of the Vulnerable Software and Affected Versions F5 BIG-IP APM Edge Client versions prior to 7.1.8 F5 BIG-IP APM versions 15.0.0 through 15.0.1 F5 BIG-IP APM versions 14.1.0 through 14.1.0.6 F5 BIG-IP APM versions 14.0.0 through 14.0.0.4 F5 BIG-IP APM versions 13.0.0 through 13.1.1.5 F5 BIG-IP APM versions 12.1.0 through 12.1.5 F5 BIG-IP APM versions 11.5.1 through 11.6.5

Description The issue concerns the logging of the full apm session ID in log files by the BIG-IP APM Edge Client. This could potentially lead to information disclosure.

Recommendations For F5 BIG-IP APM Edge Client versions prior to 7.1.8, update to version 7.1.8 or later. For F5 BIG-IP APM versions 15.0.0 through 15.0.1, 14.1.0 through 14.1.0.6, 14.0.0 through 14.0.0.4, 13.0.0 through 13.1.1.5, 12.1.0 through 12.1.5, and 11.5.1 through 11.6.5, update the APM Clients component to version 7.1.8 or later, as these components can be updated independently from BIG-IP software in version 13.1.0 and later.