The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
http://www.securitytracker.com/id/1029079
http://support.f5.com/kb/en-us/solutions/public/14000/700/sol14700.html