PT-2023-1628 · F5 · BIG-IP APM

Published: 2023-02-01 · Updated: 2023-02-09 · CVE-2023-22341

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: BIG-IP APM versions 13.1.x and 14.1.x through 14.1.5.2

Description: In BIG-IP APM, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate when the system is configured with specific elements, including an OAuth Server, an OAuth profile whose Authorization Endpoint is set to '/', and an access profile associated with an HTTPS virtual server. A TMM termination results in a denial of service. The underlying defect is a NULL pointer dereference.

Recommendations: For versions 13.1.x, no fixed version has been announced. For versions 14.1.x through 14.1.5.2, update to version 14.1.5.3 or later. As a temporary workaround, restrict access to the OAuth profile whose Authorization Endpoint is set to '/' to reduce exposure.

Weakness Enumeration: NULL Pointer Dereference

Related Identifiers: BDU:2023-01142, CVE-2023-22341

Affected Products: BIG-IP APM