An open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. (CVE-2021-23052)
Impact
An unauthenticated attacker can create an open redirect URI with a specially crafted value and trick BIG-IP APM users into visiting the crafted URI. Victims may be redirected to a malicious website by following the misleading URI.