Bug ID 882377: ASM Application Security Editor Role User can update/install ASU

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4

Fixed In:
16.0.0, 15.1.4.1, 14.1.2.5

Opened: Feb 19, 2020

Severity: 3-Major

Symptoms

Live Update modifications are allowed for Application Security Editor Role.

Impact

Application Security Editor Role role is permitted to update Attack Signatures when it shouldn't be.

Conditions

Login as Application Security Editor user and try to install ASU.

Workaround

None

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips