Access Control Vulnerability in BIG-IP APM by F5 Networks
CVE-2021-23016
5.3 MEDIUM
Summary
An access control vulnerability exists in F5's BIG-IP APM which allows an attacker to bypass internal restrictions and access static content hosted within the APM. By crafting specific requests directed at an APM Virtual Server, malicious actors could potentially exploit this flaw, leading to unauthorized information disclosure. Users of affected versions should prioritize applying available security updates to mitigate risks.
Affected Version(s)
BIG-IP APM 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x.
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved