Bug ID 882377: ASM Application Security Editor Role User can update/install ASU

Last Modified: May 27, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3

Fixed In:
14.1.2.5

Opened: Feb 19, 2020
Severity: 3-Major

Symptoms

Live Update modifications are allowed for Application Security Editor Role.

Impact

Application Security Editor Role role is permitted to update Attack Signatures when it shouldn't be.

Conditions

Login as Application Security Editor user and try to install ASU.

Workaround

None

Fix Information

None

Behavior Change