Lucene search
F5CVELIST:CVE-2021-23028HistorySep 14, 2021 - 8:53 p.m.
CVE-2021-23028
2021-09-1420:53:54
CWE-20
f5
www.cve.org
1
0.001 Low
EPSS
Percentile
42.5%
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CNA Affected
[
{
"product": "BIG-IP Advanced WAF and BIG-IP ASM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4"
}
]
}
]References
Related
f5
f5
K00602225 : Advanced WAF and BIG-IP ASM vulnerability CVE-2021-23028
2021-08-24 00:00:00
K50974556 : Overview of F5 vulnerabilities (August 2021)
2021-08-24 00:00:00
cve
cve
CVE-2021-23028
2021-09-14 21:15:07
prion
prion
Code injection
2021-09-14 21:15:00
cnvd
cnvd
F5 BIG-IP Advanced WAF and ASM are unspecified vulnerabilities
2021-08-26 00:00:00
nvd
nvd
CVE-2021-23028
2021-09-14 21:15:07
thn
thn
F5 Releases Critical Security Patch for BIG-IP and BIG-IQ Devices
2021-08-26 11:51:00
threatpost
threatpost
F5 Bug Could Lead to Complete System Takeover
2021-08-26 16:40:38