CVE-2016-3687

medium

CVSS v3 Base Score

5.3

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS Score

0.4%

Exploitation probability in 30 days

Top 41% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Confidentiality

None

Integrity

High

Availability

None

Published: June 16, 2016 (3618 days ago)

Last Modified: May 6, 2026

Vendor: F5

Source: NVD

Description

Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the SSO_ORIG_URI parameter.

CWE

NVD-CWE-Other

Affected Products

f5 big-ip access policy managerf5 big-ip edge gateway

References

🔗 www.securitytracker.com 🔗 support.f5.com 🔗 www.securitytracker.com 🔗 support.f5.com

CVE-2016-3687

Vulnerability Report

Description

CWE

Affected Products

References