5.3
CVE-2021-23016
- EPSS 0.26%
- Published 10.05.2021 15:15:07
- Last modified 21.11.2024 05:51:09
- Source f5sirt@f5.com
- Teams watchlist Login
- Open Login
On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests to an APM Virtual Server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Data is provided by the National Vulnerability Database (NVD)
F5 ≫ Big-ip Access Policy Manager Version >= 11.6.1 <= 11.6.5
F5 ≫ Big-ip Access Policy Manager Version >= 12.1.0 <= 12.1.6
F5 ≫ Big-ip Access Policy Manager Version >= 13.1.0 < 13.1.4
F5 ≫ Big-ip Access Policy Manager Version >= 14.1.0 < 14.1.4.1
F5 ≫ Big-ip Access Policy Manager Version >= 15.1.0 < 15.1.3
F5 ≫ Big-ip Access Policy Manager Version >= 16.0.0 <= 16.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.467 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|