Last Modified: Jul 24, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3
Fixed In:
16.1.5
Opened: Nov 07, 2022 Severity: 3-Major
The JSON profile of security policy created from OpenAPI file has defense attributes required for JSON content validation. Defense attributes created with default values specific to each defense attribute. The default values can be incorrect, thus by default JSON defense attributes should not be enforced and they should have value "any".
Security policy created from OpenAPI file may enforce some requests with JSON content while it was not required by OpenAPI file.
- Creating JSON profile from OpenAPI file.
None
None