CVE-2021-23037
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
14/09/2021
Last modified:
27/09/2021
Description
On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Impact
Base Score 3.x
9.60
Severity 3.x
CRITICAL
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 11.6.0 (including) | 11.6.5 (including) |
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 12.1.0 (including) | 12.1.6 (including) |
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.4 (including) |
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 14.1.0 (including) | 14.1.4 (including) |
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 15.1.0 (including) | 15.1.3 (including) |
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 16.0.0 (including) | 16.1.0 (including) |
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 11.6.0 (including) | 11.6.5 (including) |
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 12.1.0 (including) | 12.1.6 (including) |
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.4 (including) |
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 14.1.0 (including) | 14.1.4 (including) |
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 15.1.0 (including) | 15.1.3 (including) |
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 16.0.0 (including) | 16.1.0 (including) |
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* | 11.6.0 (including) | 11.6.5 (including) |
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* | 12.1.0 (including) | 12.1.6 (including) |
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.4 (including) |
To consult the complete list of CPE names with products and versions, see this page