CVE-2021-23046

Published: Sep 14, 2021Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected (5)

Products: F5: Big Ip Access Policy Manager, Big Ip Guided Configuration

2 products

Big Ip Access Policy Manager

Big Ip Guided Configuration

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 13.1.0 to 13.1.4
F5 Big Ip Access Policy Manager	From 14.1.0 to 14.1.4
F5 Big Ip Access Policy Manager	From 15.1.0 to 15.1.3
F5 Big Ip Access Policy Manager	From 16.0.0 to 16.1.0
F5 Big Ip Guided Configuration	Before 8.0.0

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://support.f5.com/csp/article/K70652532

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K70652532

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.