F5 BIG-IP and BIG-IQ Centralized Management update for OpenJDK/Java

1) Improper input validation

EUVDB-ID: #VU27230

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-2756

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Serialization component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

BIG-IQ Centralized Management: 8.0.0 - 8.3.0

BIG-IP: 13.1.0 - 17.1.0

Fixed software versions

CPE2.3

• cpe:2.3:a:f5_networks:big-iq_centralized_management:8.3.0:*:*:*:*:*:*:*

External links

http://my.f5.com/manage/s/article/K000135555

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Improper input validation

EUVDB-ID: #VU27231

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-2757

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Serialization component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

BIG-IQ Centralized Management: 8.0.0 - 8.3.0

BIG-IP: 13.1.0 - 17.1.0

Fixed software versions

CPE2.3

• cpe:2.3:a:f5_networks:big-iq_centralized_management:8.3.0:*:*:*:*:*:*:*

External links

http://my.f5.com/manage/s/article/K000135555

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?