Open Redirection Vulnerability in F5 BIG-IP Advanced WAF and ASM
CVE-2021-22984

6.1MEDIUM

Key Information:

Vendor: F5
Status: Big-ip Advanced Waf & Big-ip Asm
Vendor: CVE Published:; 12 February 2021

What is CVE-2021-22984?

The vulnerability in F5 BIG-IP Advanced WAF and ASM allows for Open Redirection attacks when an unauthenticated client sends a crafted URI. This can impact clients and web servers when using a DoS profile with Proactive Bot Defense or Bot Defense profile settings. It specifically affects multiple versions of the software, opening the door for malicious users to redirect traffic in unsanctioned ways, potentially leading to further exploitation or data breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BIG-IP Advanced WAF & BIG-IP ASM 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2

References

https://support.f5.com/csp/article/K33440533

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 12, 2021
Vulnerability Reserved
Jan 6, 2021

JSON

F5