Medium severity5.3NVD Advisory· Published Apr 11, 2017· Updated May 13, 2026

CVE-2016-7467

Description

The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.

Affected products

F5 Networks/F5 BIG-IP APMv5
Range: 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/97168nvdThird Party AdvisoryVDB Entry
support.f5.com/csp/article/K95444512nvdVendor Advisory
www.securitytracker.com/id/1038131nvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000