The F5 BIG-IP appliance must enforce approved authorizations for logical access to resources by explicitly configuring assigned resources with an authorization list.

Description

<VulnDiscussion>Authentication alone must not be sufficient to assign APM resources to a connecting client. Access to APM resources (e.g., Portal, VPN, Webtop, Remote Desktop, etc.,) must be granted only after a successful authorization check occurs. Resource assignments can be configured using APM Access Policy Advanced Resource Assign VPE agents and Resource Assign VPE agents. These agents must be configured explicitly with an authorization list. If resources are assigned to these types of agents with empty expressions, that expression acts as the default authorization list.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>