CVE-2021-23054

Published: Sep 27, 2021Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected (6)

Products: F5: Big Ip Access Policy Manager

1 product

Big Ip Access Policy Manager

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 11.6.1 to 11.6.5
F5 Big Ip Access Policy Manager	From 12.1.0 to 12.1.6
F5 Big Ip Access Policy Manager	From 13.1.0 to 13.1.4
F5 Big Ip Access Policy Manager	From 14.1.0 to 14.1.4.4
F5 Big Ip Access Policy Manager	From 15.1.0 to 15.1.4
F5 Big Ip Access Policy Manager	From 16.0.0 to 16.0.1

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://support.f5.com/csp/article/K41997459

Source: f5sirt@f5.com

MitigationVendor Advisory

https://support.f5.com/csp/article/K41997459

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.