Open Redirect Vulnerability in BIG-IP APM by F5 Networks
CVE-2021-23052
6.1 MEDIUM
Summary
An open redirect vulnerability exists on virtual servers that use a BIG-IP APM access policy from F5 Networks, in 14.1.x versions before 14.1.4.4 and in all 13.1.x versions. The flaw allows an unauthenticated attacker to craft a redirect URI, potentially leading users to harmful sites. System administrators should ensure they are on the latest version and review the configurations of their access policies to prevent exploitation of this vulnerability.
Affected Version(s)
BIG-IP APM 14.1.x before 14.1.4.4 and all versions of 13.1.x
References
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved