Last Modified: Nov 19, 2024
Affected Product(s):
BIG-IP ASM, Install/Upgrade
Known Affected Versions:
16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 17.0.0, 17.0.0.1, 17.0.0.2, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4
Fixed In:
16.1.5
Opened: Sep 08, 2023 Severity: 3-Major
After an upgrade, the user-defined sets attached to a policy are upgraded with the wrong empty value, instead of a NULL value, for sig_tag_val field.
Importing the same policy into the upgraded system will create a duplicate set and the upgraded set will not be used.
Before upgrade, there is a policy which is using a user defined set based on a filter which is not sig_tag_op (so the sig_tag_val has a NULL value in the database)
You can repair the policy by navigating to “Security ›› Application Security : Policy Building : Learning and Blocking Settings”, clicking on “change”, and choosing the original created sets instead of the duplicated sets. Save, and then apply the policy. The duplicated sets can be deleted after that.
After upgrade, the value for sig_tag_val is the correct NULL value.