CVE-2022-1388#

Statement on CVE-2022-1388 F5 BIG-IP Vulnerability#

May 27, 2022

Information#

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Severity#

Low

Response#

Melissa Data Corporation (“Melissa”) was not impacted by the F5 BIG-IP vulnerability as Melissa does not use F5 BIG-IP for any Melissa commercial web services or products or internal network infrastructure.

Melissa will continue to follow all guidance provided by F5 and CISA in the Alert AA22-138A as necessary to prevent any future risks.