What is CVE-2023-39447?

CVE-2023-39447 is a vulnerability in BIG-IP APM Guided Configurations that allows undisclosed sensitive information to be logged.

How does CVE-2023-39447 affect F5 Big-ip Access Policy Manager?

CVE-2023-39447 affects F5 Big-ip Access Policy Manager versions 15.1.0 to 15.1.8, 16.1.0 to 16.1.4, and 17.0.0.

What is the severity of CVE-2023-39447?

The severity of CVE-2023-39447 is medium (4.4).

How can I fix CVE-2023-39447?

To fix CVE-2023-39447, update your F5 Big-ip Access Policy Manager and F5 Big-ip Guided Configuration to the recommended versions provided by the vendor.

Where can I find more information about CVE-2023-39447?

You can find more information about CVE-2023-39447 at the following reference: [Link](https://my.f5.com/manage/s/article/K47756555).

Vulnerability/
CVE-2023-39447

medium

4.4

CWE

532

10/10/2023

18/9/2024

CVE-2023-39447: BIG-IP APM Guided Configuration vulnerability

First published: Tue Oct 10 2023(Updated: )

When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Credit: f5sirt@f5.com f5sirt@f5.com

Affected Software	Affected Version	How to fix
F5 BIG-IP Access Policy Manager	>=15.1.0<15.1.8
F5 BIG-IP Access Policy Manager	>=16.1.0<16.1.4
F5 BIG-IP Access Policy Manager	=17.0.0
F5 BIG-IP Guided Configuration	>=7.0<=7.7
F5 BIG-IP Guided Configuration	=6.0
F5 BIG-IP Guided Configuration	=8.0
F5 BIG-IP (APM)		17.1.0
F5 BIG-IP (APM)	>=16.1.0<=16.1.3	16.1.4
F5 BIG-IP (APM)	>=15.1.0<=15.1.7	15.1.8
F5 BIG-IP (APM)
F5 BIG-IP (Guided Configuration)		9.0
F5 BIG-IP (Guided Configuration)	=8.0
F5 BIG-IP (Guided Configuration)	>=7.0<=7.7
F5 BIG-IP (Guided Configuration)	=6.0
F5 BIG-IP (Guided Configuration)

Never miss a vulnerability like this again

Reference Links

https://my.f5.com/manage/s/article/K47756555

Frequently Asked Questions

What is CVE-2023-39447?
CVE-2023-39447 is a vulnerability in BIG-IP APM Guided Configurations that allows undisclosed sensitive information to be logged.
How does CVE-2023-39447 affect F5 Big-ip Access Policy Manager?
CVE-2023-39447 affects F5 Big-ip Access Policy Manager versions 15.1.0 to 15.1.8, 16.1.0 to 16.1.4, and 17.0.0.
What is the severity of CVE-2023-39447?
The severity of CVE-2023-39447 is medium (4.4).
How can I fix CVE-2023-39447?
To fix CVE-2023-39447, update your F5 Big-ip Access Policy Manager and F5 Big-ip Guided Configuration to the recommended versions provided by the vendor.
Where can I find more information about CVE-2023-39447?
You can find more information about CVE-2023-39447 at the following reference: [Link](https://my.f5.com/manage/s/article/K47756555).

collector/nvd-api
collector/nvd-index
agent/author
agent/type
agent/references
agent/severity
agent/weakness
agent/description
agent/first-publish-date
collector/f5-advisory
source/F5
alias/CVE-2023-39447
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/title
agent/tags
agent/event
vendor/f5
canonical/f5 big-ip access policy manager
version/f5 big-ip access policy manager/15.1.0
version/f5 big-ip access policy manager/16.1.0
version/f5 big-ip access policy manager/17.0.0
canonical/f5 big-ip guided configuration
version/f5 big-ip guided configuration/7.0
version/f5 big-ip guided configuration/7.7
version/f5 big-ip guided configuration/6.0
version/f5 big-ip guided configuration/8.0
canonical/f5 big-ip (apm)
version/f5 big-ip (apm)/16.1.0
version/f5 big-ip (apm)/16.1.3
version/f5 big-ip (apm)/15.1.0
version/f5 big-ip (apm)/15.1.7
canonical/f5 big-ip (guided configuration)
version/f5 big-ip (guided configuration)/8.0
version/f5 big-ip (guided configuration)/7.0
version/f5 big-ip (guided configuration)/7.7
version/f5 big-ip (guided configuration)/6.0