Open Redirection Vulnerability in F5 BIG-IP Advanced WAF and ASM
CVE-2021-22984
6.1 MEDIUM
What is CVE-2021-22984?
A vulnerability in F5 BIG-IP Advanced WAF and ASM allows open redirection attacks when an unauthenticated client sends a crafted URI. It can impact clients and web servers when a DoS profile with Proactive Bot Defense, or a Bot Defense profile, is in use. Multiple versions of the software are affected, which lets malicious users redirect traffic in unsanctioned ways and can potentially lead to further exploitation or data breaches.
Affected Version(s)
BIG-IP Advanced WAF & BIG-IP ASM 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2