CVE-2023-39447: 
F5 BIG-IP Virtual Edition vulnerability analysis and mitigation

CVE-2023-39447 is a vulnerability affecting BIG-IP APM Guided Configurations where undisclosed sensitive information may be logged in restnoded log. The vulnerability was discovered and disclosed in October 2023, affecting multiple versions of F5's BIG-IP Access Policy Manager (APM) including versions 15.1.0-15.1.8, 16.1.0-16.1.4, and 17.0.0 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.4 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access and high privileges to exploit, but can result in high confidentiality impact. The vulnerability is classified under CWE-532 (Insertion of Sensitive Information into Log File) (NVD).

When exploited, this vulnerability can lead to the exposure of sensitive information through the restnoded log files. The impact is primarily focused on confidentiality, with no direct impact on system integrity or availability (NVD).

F5 has released patches for affected versions. Organizations running affected versions of BIG-IP APM should upgrade to versions 15.1.8, 16.1.4, or later as appropriate for their deployment (Rapid7).