CVE-2013-7408

high

Published 2014-10-26 · Modified 2026-05-06

CVSS v3

—

CVSS v2

7.5

VIR risk

7.5

Description

F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14334.html

Application impact

Vendor	Product	Versions
f5	big-ip_analytics	`11.0.0`
f5	big-ip_analytics	`11.1.0`
f5	big-ip_analytics	`11.2.0`
f5	big-ip_analytics	`11.2.1`
f5	big-ip_analytics	`11.3.0`

References

http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14334.html
http://www.securityfocus.com/bid/68792
http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14334.html
http://www.securityfocus.com/bid/68792

CWEs

CWE-310

Verify integrity in audit chain (admin only). AS-IS.