CVE-2022-26890

Name of the Vulnerable Software and Affected Versions F5 BIG-IP Advanced WAF, ASM, and APM versions prior to 16.1.2.1 F5 BIG-IP Advanced WAF, ASM, and APM versions 15.1.x prior to 15.1.5 F5 BIG-IP Advanced WAF, ASM, and APM versions 14.1.x prior to 14.1.4.6 F5 BIG-IP Advanced WAF, ASM, and APM versions 13.1.x prior to 13.1.5

Description The issue occurs when ASM or Advanced WAF, as well as APM, are configured on a virtual server, and the ASM policy is configured with Session Awareness, with the Use APM Username and Session ID option enabled. In this setup, undisclosed requests can cause the bd process to terminate.

Recommendations For versions prior to 16.1.2.1, update to version 16.1.2.1 or later. For versions 15.1.x prior to 15.1.5, update to version 15.1.5 or later. For versions 14.1.x prior to 14.1.4.6, update to version 14.1.4.6 or later. For versions 13.1.x prior to 13.1.5, update to version 13.1.5 or later.