cvelistv5 - CVE-2021-23050

CVE-2021-23050 (GCVE-0-2021-23050)

Vulnerability from cvelistv5 – Published: 2021-09-14 12:31 – Updated: 2024-08-03 18:58

Summary

Severity ?

No CVSS data available.

CWE

CWE-352

Assigner

References

URL

Tags

https://support.f5.com/csp/article/K44553214

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	BIG-IP Advanced WAF and BIG-IP ASM; NGINX App Protect	Affected: BIG-IP Advanced WAF and BIG-IP ASM 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 Affected: NGINX App Protect all versions before 3.5.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:58:26.361Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K44553214"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIG-IP Advanced WAF and BIG-IP ASM; NGINX App Protect",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "BIG-IP Advanced WAF and BIG-IP ASM 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3"
            },
            {
              "status": "affected",
              "version": "NGINX App Protect all versions before 3.5.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-14T12:31:38",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.f5.com/csp/article/K44553214"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "ID": "CVE-2021-23050",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIG-IP Advanced WAF and BIG-IP ASM; NGINX App Protect",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "BIG-IP Advanced WAF and BIG-IP ASM 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3"
                          },
                          {
                            "version_value": "NGINX App Protect all versions before 3.5.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K44553214",
              "refsource": "MISC",
              "url": "https://support.f5.com/csp/article/K44553214"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2021-23050",
    "datePublished": "2021-09-14T12:31:38",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:58:26.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndExcluding\": \"15.1.3.1\", \"matchCriteriaId\": \"59C90A98-C3A2-420D-8936-A094D3539AA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.0.0\", \"versionEndExcluding\": \"16.0.1.2\", \"matchCriteriaId\": \"633F777A-10B4-42B6-867C-FC32E38A4B1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndExcluding\": \"15.1.3.1\", \"matchCriteriaId\": \"E4B53FEB-1754-49D4-953D-146D92CAC3BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.0.0\", \"versionEndExcluding\": \"16.0.1.2\", \"matchCriteriaId\": \"CE26ED82-4D38-4165-990D-4967AE130059\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:nginx_app_protect:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0.0\", \"versionEndIncluding\": \"1.3.0\", \"matchCriteriaId\": \"A5CB7297-C457-40B4-8643-CF59EC13865D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:nginx_app_protect:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndIncluding\": \"2.3.0\", \"matchCriteriaId\": \"E76351C7-2FA5-4B76-87F0-4BEB5DFC73D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:nginx_app_protect:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndExcluding\": \"3.5.0\", \"matchCriteriaId\": \"68577A25-8EF1-4143-8E2B-08B7D983337B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\"}, {\"lang\": \"es\", \"value\": \"En BIG-IP Advanced WAF y BIG-IP ASM versiones 16.0.x anteriores a 16.0.1.2 y versiones 15.1.x anteriores a 15.1.3 y NGINX App Protect en todas las versiones anteriores a 3.5.0, cuando es configurado una pol\\u00edtica de tipo cross-site request forgery (CSRF) en un servidor virtual, una respuesta HTML no divulgada puede causar una finalizaci\\u00f3n del proceso bd. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas\"}]",
      "id": "CVE-2021-23050",
      "lastModified": "2024-11-21T05:51:13.403",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-09-14T13:15:11.093",
      "references": "[{\"url\": \"https://support.f5.com/csp/article/K44553214\", \"source\": \"f5sirt@f5.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.f5.com/csp/article/K44553214\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "f5sirt@f5.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"f5sirt@f5.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-23050\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2021-09-14T13:15:11.093\",\"lastModified\":\"2024-11-21T05:51:13.403\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\"},{\"lang\":\"es\",\"value\":\"En BIG-IP Advanced WAF y BIG-IP ASM versiones 16.0.x anteriores a 16.0.1.2 y versiones 15.1.x anteriores a 15.1.3 y NGINX App Protect en todas las versiones anteriores a 3.5.0, cuando es configurado una pol\u00edtica de tipo cross-site request forgery (CSRF) en un servidor virtual, una respuesta HTML no divulgada puede causar una finalizaci\u00f3n del proceso bd. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.3.1\",\"matchCriteriaId\":\"59C90A98-C3A2-420D-8936-A094D3539AA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0.0\",\"versionEndExcluding\":\"16.0.1.2\",\"matchCriteriaId\":\"633F777A-10B4-42B6-867C-FC32E38A4B1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.3.1\",\"matchCriteriaId\":\"E4B53FEB-1754-49D4-953D-146D92CAC3BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0.0\",\"versionEndExcluding\":\"16.0.1.2\",\"matchCriteriaId\":\"CE26ED82-4D38-4165-990D-4967AE130059\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_app_protect:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"1.3.0\",\"matchCriteriaId\":\"A5CB7297-C457-40B4-8643-CF59EC13865D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_app_protect:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.3.0\",\"matchCriteriaId\":\"E76351C7-2FA5-4B76-87F0-4BEB5DFC73D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_app_protect:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.5.0\",\"matchCriteriaId\":\"68577A25-8EF1-4143-8E2B-08B7D983337B\"}]}]}],\"references\":[{\"url\":\"https://support.f5.com/csp/article/K44553214\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K44553214\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2021-23050

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-23050

Aliases

CVE-2021-23050

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-23050",
    "description": "On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
    "id": "GSD-2021-23050"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-23050"
      ],
      "details": "On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
      "id": "GSD-2021-23050",
      "modified": "2023-12-13T01:23:30.108265Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "f5sirt@f5.com",
        "ID": "CVE-2021-23050",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "BIG-IP Advanced WAF and BIG-IP ASM; NGINX App Protect",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "BIG-IP Advanced WAF and BIG-IP ASM 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3"
                        },
                        {
                          "version_value": "NGINX App Protect all versions before 3.5.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-352"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.f5.com/csp/article/K44553214",
            "refsource": "MISC",
            "url": "https://support.f5.com/csp/article/K44553214"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.1.3.1",
                "versionStartIncluding": "15.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16.0.1.2",
                "versionStartIncluding": "16.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.1.3.1",
                "versionStartIncluding": "15.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16.0.1.2",
                "versionStartIncluding": "16.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx_app_protect:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.3.0",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx_app_protect:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.3.0",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx_app_protect:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.0",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "ID": "CVE-2021-23050"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K44553214",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.f5.com/csp/article/K44553214"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-09-27T16:59Z",
      "publishedDate": "2021-09-14T13:15Z"
    }
  }
}

CERTFR-2021-AVI-689

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans F5 BIG-IP. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une élévation de privilèges et une injection de requêtes illégitimes par rebond (CSRF).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	BIG-IP	BIG-IP (WAF et ASM) versions 16.x antérieures à 16.0.1.2
F5	BIG-IP	BIG-IP (WAF et ASM) versions 15.x antérieures à 15.1.3.1
F5	BIG-IP	BIG-IP (WAF et ASM) versions antérieures à 11.6.5.3
F5	BIG-IP	BIG-IP (WAF et ASM) versions 13.x antérieures à 13.1.4.1
F5	BIG-IP	BIG-IP (WAF et ASM) versions 14.x antérieures à 14.1.4.2
F5	BIG-IP	BIG-IP (WAF et ASM) versions 12.x antérieures à 12.1.6

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K44553214 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K30150004 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K41351250 du 12 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K30291321 du 24 août 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP (WAF et ASM) versions 16.x ant\u00e9rieures \u00e0 16.0.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (WAF et ASM) versions 15.x ant\u00e9rieures \u00e0 15.1.3.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (WAF et ASM) versions ant\u00e9rieures \u00e0 11.6.5.3",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (WAF et ASM) versions 13.x ant\u00e9rieures \u00e0 13.1.4.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (WAF et ASM) versions 14.x ant\u00e9rieures \u00e0 14.1.4.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (WAF et ASM) versions 12.x ant\u00e9rieures \u00e0 12.1.6",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-23050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23050"
    },
    {
      "name": "CVE-2021-23031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23031"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-689",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 BIG-IP. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9, une \u00e9l\u00e9vation de privil\u00e8ges et une injection de requ\u00eates\nill\u00e9gitimes par rebond (CSRF).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans F5 BIG-IP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K44553214 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K44553214"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K30150004 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K30150004"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K41351250 du 12 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K41351250"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K30291321 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K30291321"
    }
  ]
}

CERTFR-2021-AVI-689

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	BIG-IP	BIG-IP (WAF et ASM) versions 16.x antérieures à 16.0.1.2
F5	BIG-IP	BIG-IP (WAF et ASM) versions 15.x antérieures à 15.1.3.1
F5	BIG-IP	BIG-IP (WAF et ASM) versions antérieures à 11.6.5.3
F5	BIG-IP	BIG-IP (WAF et ASM) versions 13.x antérieures à 13.1.4.1
F5	BIG-IP	BIG-IP (WAF et ASM) versions 14.x antérieures à 14.1.4.2
F5	BIG-IP	BIG-IP (WAF et ASM) versions 12.x antérieures à 12.1.6

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K44553214 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K30150004 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K41351250 du 12 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K30291321 du 24 août 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP (WAF et ASM) versions 16.x ant\u00e9rieures \u00e0 16.0.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (WAF et ASM) versions 15.x ant\u00e9rieures \u00e0 15.1.3.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (WAF et ASM) versions ant\u00e9rieures \u00e0 11.6.5.3",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (WAF et ASM) versions 13.x ant\u00e9rieures \u00e0 13.1.4.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (WAF et ASM) versions 14.x ant\u00e9rieures \u00e0 14.1.4.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (WAF et ASM) versions 12.x ant\u00e9rieures \u00e0 12.1.6",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-23050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23050"
    },
    {
      "name": "CVE-2021-23031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23031"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-689",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 BIG-IP. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9, une \u00e9l\u00e9vation de privil\u00e8ges et une injection de requ\u00eates\nill\u00e9gitimes par rebond (CSRF).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans F5 BIG-IP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K44553214 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K44553214"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K30150004 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K30150004"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K41351250 du 12 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K41351250"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K30291321 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K30291321"
    }
  ]
}

CERTFR-2021-AVI-664

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans F5 BIG-IP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	BIG-IP	BIG-IP versions 11.6.x antérieures à 11.6.5.3 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 13.1.x antérieures à 13.1.4.1
F5	BIG-IP	BIG-IP versions 14.1.x antérieures à 14.1.4.4
F5	BIG-IP	BIG-IP versions 16.0.x antérieures à 16.0.1.2 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 15.1.x antérieures à 15.1.3.1
F5	BIG-IP	BIG-IP versions 12.1.x antérieures à 12.1.6 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 16.1.x antérieures à 16.1.0

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K05043394 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K05314769 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K44553214 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K41351250 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K42051445 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K24301698 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K70415522 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K94941221 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K65397301 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K93231374 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K94255403 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K01153535 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K42526507 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K19012930 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K52420610 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K79428827 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K45407662 du 24 août 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP versions 11.6.x ant\u00e9rieures \u00e0 11.6.5.3 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 13.1.x ant\u00e9rieures \u00e0 13.1.4.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 14.1.x ant\u00e9rieures \u00e0 14.1.4.4",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.0.x ant\u00e9rieures \u00e0 16.0.1.2 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 15.1.x ant\u00e9rieures \u00e0 15.1.3.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 12.1.x ant\u00e9rieures \u00e0 12.1.6 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.1.x ant\u00e9rieures \u00e0 16.1.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-23049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23049"
    },
    {
      "name": "CVE-2021-23035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23035"
    },
    {
      "name": "CVE-2021-23032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23032"
    },
    {
      "name": "CVE-2021-23051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23051"
    },
    {
      "name": "CVE-2021-23044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23044"
    },
    {
      "name": "CVE-2021-23027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23027"
    },
    {
      "name": "CVE-2021-23048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23048"
    },
    {
      "name": "CVE-2021-23050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23050"
    },
    {
      "name": "CVE-2021-23031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23031"
    },
    {
      "name": "CVE-2021-23046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23046"
    },
    {
      "name": "CVE-2021-23045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23045"
    },
    {
      "name": "CVE-2021-23040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23040"
    },
    {
      "name": "CVE-2021-23029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23029"
    },
    {
      "name": "CVE-2021-23036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23036"
    },
    {
      "name": "CVE-2021-23030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23030"
    },
    {
      "name": "CVE-2021-23033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23033"
    },
    {
      "name": "CVE-2021-23047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23047"
    },
    {
      "name": "CVE-2021-23043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23043"
    },
    {
      "name": "CVE-2021-23037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23037"
    },
    {
      "name": "CVE-2021-23041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23041"
    },
    {
      "name": "CVE-2021-23042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23042"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-664",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-08-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 BIG-IP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans F5 BIG-IP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K05043394 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K05043394"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K05314769 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K05314769"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K44553214 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K44553214"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K41351250 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K41351250"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K42051445 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K42051445"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K24301698 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K24301698"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K70415522 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K70415522"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K94941221 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K94941221"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K65397301 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K65397301"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K93231374 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K93231374"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K94255403 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K94255403"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K01153535 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K01153535"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K42526507 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K42526507"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K19012930 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K19012930"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K52420610 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K52420610"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K79428827 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K79428827"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K45407662 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K45407662"
    }
  ]
}

CERTFR-2021-AVI-664

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	BIG-IP	BIG-IP versions 11.6.x antérieures à 11.6.5.3 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 13.1.x antérieures à 13.1.4.1
F5	BIG-IP	BIG-IP versions 14.1.x antérieures à 14.1.4.4
F5	BIG-IP	BIG-IP versions 16.0.x antérieures à 16.0.1.2 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 15.1.x antérieures à 15.1.3.1
F5	BIG-IP	BIG-IP versions 12.1.x antérieures à 12.1.6 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 16.1.x antérieures à 16.1.0

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K05043394 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K05314769 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K44553214 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K41351250 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K42051445 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K24301698 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K70415522 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K94941221 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K65397301 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K93231374 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K94255403 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K01153535 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K42526507 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K19012930 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K52420610 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K79428827 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K45407662 du 24 août 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP versions 11.6.x ant\u00e9rieures \u00e0 11.6.5.3 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 13.1.x ant\u00e9rieures \u00e0 13.1.4.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 14.1.x ant\u00e9rieures \u00e0 14.1.4.4",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.0.x ant\u00e9rieures \u00e0 16.0.1.2 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 15.1.x ant\u00e9rieures \u00e0 15.1.3.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 12.1.x ant\u00e9rieures \u00e0 12.1.6 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.1.x ant\u00e9rieures \u00e0 16.1.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-23049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23049"
    },
    {
      "name": "CVE-2021-23035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23035"
    },
    {
      "name": "CVE-2021-23032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23032"
    },
    {
      "name": "CVE-2021-23051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23051"
    },
    {
      "name": "CVE-2021-23044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23044"
    },
    {
      "name": "CVE-2021-23027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23027"
    },
    {
      "name": "CVE-2021-23048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23048"
    },
    {
      "name": "CVE-2021-23050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23050"
    },
    {
      "name": "CVE-2021-23031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23031"
    },
    {
      "name": "CVE-2021-23046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23046"
    },
    {
      "name": "CVE-2021-23045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23045"
    },
    {
      "name": "CVE-2021-23040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23040"
    },
    {
      "name": "CVE-2021-23029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23029"
    },
    {
      "name": "CVE-2021-23036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23036"
    },
    {
      "name": "CVE-2021-23030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23030"
    },
    {
      "name": "CVE-2021-23033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23033"
    },
    {
      "name": "CVE-2021-23047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23047"
    },
    {
      "name": "CVE-2021-23043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23043"
    },
    {
      "name": "CVE-2021-23037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23037"
    },
    {
      "name": "CVE-2021-23041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23041"
    },
    {
      "name": "CVE-2021-23042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23042"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-664",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-08-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 BIG-IP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans F5 BIG-IP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K05043394 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K05043394"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K05314769 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K05314769"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K44553214 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K44553214"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K41351250 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K41351250"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K42051445 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K42051445"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K24301698 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K24301698"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K70415522 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K70415522"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K94941221 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K94941221"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K65397301 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K65397301"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K93231374 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K93231374"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K94255403 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K94255403"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K01153535 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K01153535"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K42526507 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K42526507"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K19012930 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K19012930"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K52420610 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K52420610"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K79428827 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K79428827"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K45407662 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K45407662"
    }
  ]
}

VAR-202109-0788

Vulnerability from variot - Updated: 2023-12-18 12:34

On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP Advanced WAF , BIG-IP ASM , NGINX App Protect Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. The vulnerability stems from the fact that an attacker can cause a fatal error through the CSRF policy of F5 BIG-IP WAF/ASM, thereby triggering a denial of service

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0788",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nginx app protect",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "3.0.0"
      },
      {
        "model": "nginx app protect",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "2.0.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.3.1"
      },
      {
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.0.0"
      },
      {
        "model": "big-ip advanced web application firewall",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip advanced web application firewall",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.0.1.2"
      },
      {
        "model": "nginx app protect",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.3.0"
      },
      {
        "model": "nginx app protect",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "2.3.0"
      },
      {
        "model": "nginx app protect",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.0.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.0.1.2"
      },
      {
        "model": "nginx app protect",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "3.5.0"
      },
      {
        "model": "big-ip advanced web application firewall",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.3.1"
      },
      {
        "model": "big-ip advanced web application firewall",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.0.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "nginx app protect",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "3.5.0"
      },
      {
        "model": "big-ip advanced web application firewall",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012113"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23050"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.1.3.1",
                "versionStartIncluding": "15.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16.0.1.2",
                "versionStartIncluding": "16.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.1.3.1",
                "versionStartIncluding": "15.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16.0.1.2",
                "versionStartIncluding": "16.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx_app_protect:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.3.0",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx_app_protect:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.3.0",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx_app_protect:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.0",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-23050"
      }
    ]
  },
  "cve": "CVE-2021-23050",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-23050",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-381536",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-23050",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-23050",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202108-2022",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-381536",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-23050",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381536"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23050"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012113"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23050"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2022"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP Advanced WAF , BIG-IP ASM , NGINX App Protect Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. The vulnerability stems from the fact that an attacker can cause a fatal error through the CSRF policy of F5 BIG-IP WAF/ASM, thereby triggering a denial of service",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-23050"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012113"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381536"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23050"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-23050",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012113",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2022",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2862",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-381536",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23050",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381536"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23050"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012113"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23050"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2022"
      }
    ]
  },
  "id": "VAR-202109-0788",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381536"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:34:56.002000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "K44553214",
        "trust": 0.8,
        "url": "https://support.f5.com/csp/article/k44553214"
      },
      {
        "title": "F5 BIG-IP Fixes for cross-site request forgery vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=164635"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012113"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2022"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012113"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23050"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.f5.com/csp/article/k44553214"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23050"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/f5-big-ip-waf-asm-denial-of-service-via-csrf-policy-36186"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2862"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381536"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23050"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012113"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23050"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2022"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-381536"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23050"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012113"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23050"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2022"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381536"
      },
      {
        "date": "2021-09-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-23050"
      },
      {
        "date": "2022-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-012113"
      },
      {
        "date": "2021-09-14T13:15:11.093000",
        "db": "NVD",
        "id": "CVE-2021-23050"
      },
      {
        "date": "2021-08-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-2022"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381536"
      },
      {
        "date": "2021-09-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-23050"
      },
      {
        "date": "2022-08-24T06:54:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-012113"
      },
      {
        "date": "2021-09-27T16:59:40.990000",
        "db": "NVD",
        "id": "CVE-2021-23050"
      },
      {
        "date": "2021-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-2022"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2022"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0F5\u00a0Networks\u00a0 Product vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012113"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2022"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2021-23050

Vulnerability from fkie_nvd - Published: 2021-09-14 13:15 - Updated: 2024-11-21 05:51

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	f5sirt@f5.com	https://support.f5.com/csp/article/K44553214	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K44553214	Vendor Advisory

Impacted products

Vendor	Product	Version
f5	big-ip_advanced_web_application_firewall	*
f5	big-ip_advanced_web_application_firewall	*
f5	big-ip_application_security_manager	*
f5	big-ip_application_security_manager	*
f5	nginx_app_protect	*
f5	nginx_app_protect	*
f5	nginx_app_protect	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59C90A98-C3A2-420D-8936-A094D3539AA2",
              "versionEndExcluding": "15.1.3.1",
              "versionStartIncluding": "15.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "633F777A-10B4-42B6-867C-FC32E38A4B1A",
              "versionEndExcluding": "16.0.1.2",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4B53FEB-1754-49D4-953D-146D92CAC3BF",
              "versionEndExcluding": "15.1.3.1",
              "versionStartIncluding": "15.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE26ED82-4D38-4165-990D-4967AE130059",
              "versionEndExcluding": "16.0.1.2",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_app_protect:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5CB7297-C457-40B4-8643-CF59EC13865D",
              "versionEndIncluding": "1.3.0",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_app_protect:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E76351C7-2FA5-4B76-87F0-4BEB5DFC73D6",
              "versionEndIncluding": "2.3.0",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_app_protect:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68577A25-8EF1-4143-8E2B-08B7D983337B",
              "versionEndExcluding": "3.5.0",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
    },
    {
      "lang": "es",
      "value": "En BIG-IP Advanced WAF y BIG-IP ASM versiones 16.0.x anteriores a 16.0.1.2 y versiones 15.1.x anteriores a 15.1.3 y NGINX App Protect en todas las versiones anteriores a 3.5.0, cuando es configurado una pol\u00edtica de tipo cross-site request forgery (CSRF) en un servidor virtual, una respuesta HTML no divulgada puede causar una finalizaci\u00f3n del proceso bd. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas"
    }
  ],
  "id": "CVE-2021-23050",
  "lastModified": "2024-11-21T05:51:13.403",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-14T13:15:11.093",
  "references": [
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K44553214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K44553214"
    }
  ],
  "sourceIdentifier": "f5sirt@f5.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "f5sirt@f5.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2021-65637

Vulnerability from cnvd - Published: 2021-08-26

Title

F5 BIG IP Advanced WAF and ASM拒绝服务漏洞

Description

F5 BIG-IP是F5公司的一款集成了网络流量编排、负载均衡、智能DNS，远程接入策略管理等功能的应用交付平台。 F5 BIG IP Advanced WAF and ASM拒绝服务漏洞，在Virtual Server上关联了开启CSRF防护的ASM profile时，特定的html返回页面会导致bd进程终止。当BD进程重新启动时，流量中断。攻击者可利用该漏洞在BIG-IP系统上造成拒绝服务 (DoS)。

Severity

中

Patch Name

F5 BIG IP Advanced WAF and ASM拒绝服务漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.f5.com/csp/article/K44553214

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23050

Impacted products

Name
['F5 BIG-IP (Advanced WAF and ASM) 15.1.0-15.1.3', 'F5 BIG-IP (Advanced WAF and ASM) 16.0.0-16.0.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-23050"
    }
  },
  "description": "F5 BIG-IP\u662fF5\u516c\u53f8\u7684\u4e00\u6b3e\u96c6\u6210\u4e86\u7f51\u7edc\u6d41\u91cf\u7f16\u6392\u3001\u8d1f\u8f7d\u5747\u8861\u3001\u667a\u80fdDNS\uff0c\u8fdc\u7a0b\u63a5\u5165\u7b56\u7565\u7ba1\u7406\u7b49\u529f\u80fd\u7684\u5e94\u7528\u4ea4\u4ed8\u5e73\u53f0\u3002\n\nF5 BIG IP Advanced\u00a0 WAF and ASM\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5728Virtual Server\u4e0a\u5173\u8054\u4e86\u5f00\u542fCSRF\u9632\u62a4\u7684ASM profile\u65f6\uff0c \u7279\u5b9a\u7684html\u8fd4\u56de\u9875\u9762\u4f1a\u5bfc\u81f4bd\u8fdb\u7a0b\u7ec8\u6b62\u3002\u5f53BD\u8fdb\u7a0b\u91cd\u65b0\u542f\u52a8\u65f6\uff0c\u6d41\u91cf\u4e2d\u65ad\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728BIG-IP\u7cfb\u7edf\u4e0a\u9020\u6210\u62d2\u7edd\u670d\u52a1\u00a0(DoS)\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.f5.com/csp/article/K44553214",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-65637",
  "openTime": "2021-08-26",
  "patchDescription": "F5 BIG-IP\u662fF5\u516c\u53f8\u7684\u4e00\u6b3e\u96c6\u6210\u4e86\u7f51\u7edc\u6d41\u91cf\u7f16\u6392\u3001\u8d1f\u8f7d\u5747\u8861\u3001\u667a\u80fdDNS\uff0c\u8fdc\u7a0b\u63a5\u5165\u7b56\u7565\u7ba1\u7406\u7b49\u529f\u80fd\u7684\u5e94\u7528\u4ea4\u4ed8\u5e73\u53f0\u3002\r\n\r\nF5 BIG IP Advanced\u00a0 WAF and ASM\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5728Virtual Server\u4e0a\u5173\u8054\u4e86\u5f00\u542fCSRF\u9632\u62a4\u7684ASM profile\u65f6\uff0c \u7279\u5b9a\u7684html\u8fd4\u56de\u9875\u9762\u4f1a\u5bfc\u81f4bd\u8fdb\u7a0b\u7ec8\u6b62\u3002\u5f53BD\u8fdb\u7a0b\u91cd\u65b0\u542f\u52a8\u65f6\uff0c\u6d41\u91cf\u4e2d\u65ad\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728BIG-IP\u7cfb\u7edf\u4e0a\u9020\u6210\u62d2\u7edd\u670d\u52a1\u00a0(DoS)\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "F5 BIG IP Advanced\u00a0 WAF and ASM\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "F5 BIG-IP (Advanced WAF and ASM) 15.1.0-15.1.3",
      "F5 BIG-IP (Advanced WAF and ASM) 16.0.0-16.0.1"
    ]
  },
  "referenceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23050",
  "serverity": "\u4e2d",
  "submitTime": "2021-08-26",
  "title": "F5 BIG IP Advanced\u00a0 WAF and ASM\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

GHSA-RF2J-3WW5-QFXX

Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-23050"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-14T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-rf2j-3ww5-qfxx",
  "modified": "2022-05-24T19:14:26Z",
  "published": "2022-05-24T19:14:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23050"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K44553214"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-23050 (GCVE-0-2021-23050)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature