The F5 ASM is a web application firewall designed to protect web applications from attacks. Due to the way that the system processes JSON content, it’s possible to bypass the ASM using a crafted request to a URL that processes both JSON and regular URL encoded requests. Versions 11.4.0 and 11.4.1 are confirmed vulnerable.