Operational Defect Database

BugZero found this defect 207 days ago.

F5 | 1186661

The security policy JSON profile created from OpenAPI file should have value "any" for its defense attributes

Last update date:

5/8/2024

Affected products:

BIG-IP

BIG-IP ASM

Affected releases:

16.1.3

16.1.3.1

16.1.3.2

16.1.3.3

16.1.3.4

16.1.3.5

16.1.4

16.1.4.1

16.1.4.2

16.1.4.3

17.1.0

17.1.0.1

Fixed releases:

No fixed releases provided.

Description:

Bug ID 1186661: The security policy JSON profile created from OpenAPI file should have value "any" for its defense attributes

Last Modified: May 08, 2024

Severity: 3-Major

Symptoms:

The JSON profile of a security policy created from an OpenAPI file has defense attributes required for JSON content validation. The defense attributes are created with default values specific to each defense attribute. The default values can be incorrect, so by default the JSON defense attributes should not be enforced and should have the value "any".

Impact:

A security policy created from an OpenAPI file may enforce some requests with JSON content even though the OpenAPI file did not require it.

Conditions:

- Creating JSON profile from OpenAPI file.


Status

Verified
