BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. ([CVE-2022-41622]())

Impact

An attacker may trick users who have at least resource administrator role privilege and are authenticated through basic authentication in iControl SOAP into performing critical actions. An attacker can exploit this vulnerability only through the control plane, not through the data plane. If exploited, the vulnerability can compromise the complete system.Read More