Unrated severityNVD Advisory· Published Feb 1, 2023· Updated Mar 26, 2025
BIG-IP APM OAuth vulnerability
CVE-2023-22341
Description
On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate:
- An OAuth Server that references an OAuth Provider
- An OAuth profile with the Authorization Endpoint set to '/'
- An access profile that references the above OAuth profile and is associated with an HTTPS virtual server
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected products
2Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.