Bug ID 882377: ASM Application Security Editor Role User can update/install ASU

Last Modified: Jan 22, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1

Fixed In:
16.0.0, 14.1.2.5

Opened: Feb 19, 2020
Severity: 3-Major

Symptoms

Live Update modifications are allowed for Application Security Editor Role.

Impact

Application Security Editor Role role is permitted to update Attack Signatures when it shouldn't be.

Conditions

Login as Application Security Editor user and try to install ASU.

Workaround

None

Fix Information

None

Behavior Change

Have a question?

About F5

Education

F5 sites

Support Tasks

© F5 Networks, Inc. All rights reserved. Policies | Privacy | Trademarks