{ "CVE_data_meta" : { "ASSIGNER" : "f5sirt@f5.com", "ID" : "CVE-2016-9256", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "BIG-IP", "version" : { "version_data" : [ { "version_value" : "12.1.0-12.1.2" } ] } } ] }, "vendor_name" : "F5 Networks, Inc." } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "iControl vulnerability CVE-2016-9256" } ] } ] }, "references" : { "reference_data" : [ { "name" : "https://support.f5.com/csp/article/K47284724", "refsource" : "CONFIRM", "url" : "https://support.f5.com/csp/article/K47284724" }, { "name" : "96464", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/96464" } ] } }