CVE-2021-23016 Information

Description

On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests to an APM Virtual Server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

https://support.f5.com/csp/article/K75540265

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

5.3

Base Severity

MEDIUM
