CVE-2021-22984

Published Feb 12, 2021

Last updated 4 years ago

CVSS medium 6.1

Overview

Description: On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense (versions prior to 14.1.0), or a Bot Defense profile (versions 14.1.0 and later), may subject clients and web servers to Open Redirection attacks. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Source: f5sirt@f5.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-601

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E64263B7-7BE1-472E-9130-7BC8F2932683",
            "versionEndExcluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "694C630B-5342-4C6C-A0FA-050B9C76936D",
            "versionEndExcluding": "12.1.5.2",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC400989-FE65-4DEC-B9DD-7BEF6EB72DC0",
            "versionEndExcluding": "13.1.3.4",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "925D0924-8CEB-4F06-B1ED-4ACA34D24201",
            "versionEndExcluding": "14.1.2.5",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FBF20C1-5B3C-4DC0-B6F7-4DB0205BF2B0",
            "versionEndExcluding": "15.0.1.4",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D003688C-AB35-4169-85E9-1B2DDF399DB1",
            "versionEndExcluding": "15.1.0.2",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8999F566-9884-4CAA-BED7-8CF72F11E6F8",
            "versionEndExcluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91BF72A9-EB50-4315-B956-5926967DCC46",
            "versionEndExcluding": "12.1.5.2",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AEE0B76-3F8E-420A-9589-BF3FDB942DEB",
            "versionEndExcluding": "13.1.3.4",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA9E370F-2A37-4612-91DD-2B1FD7EECCE7",
            "versionEndExcluding": "14.1.2.5",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6C4B56F-D022-4268-9D78-6E4D12AE9215",
            "versionEndExcluding": "15.0.1.4",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53CA3EC2-CE36-4388-A7A9-4311AD80A8B2",
            "versionEndExcluding": "15.1.0.2",
            "versionStartIncluding": "15.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References