CVE-2021-22984

Name of the Vulnerable Software and Affected Versions BIG-IP Advanced WAF and ASM versions 15.1.x through 15.1.0.1 BIG-IP Advanced WAF and ASM versions 15.0.x through 15.0.1.3 BIG-IP Advanced WAF and ASM versions 14.1.x through 14.1.2.4 BIG-IP Advanced WAF and ASM versions 13.1.x through 13.1.3.3 BIG-IP Advanced WAF and ASM versions 12.1.x through 12.1.5.1 BIG-IP Advanced WAF and ASM versions 11.6.x through 11.6.5.1

Description When receiving an unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense (versions prior to 14.1.0), or a Bot Defense profile (versions 14.1.0 and later), may subject clients and web servers to Open Redirection attacks.

Recommendations For BIG-IP Advanced WAF and ASM version 15.1.x, update to version 15.1.0.2 or later. For BIG-IP Advanced WAF and ASM version 15.0.x, update to version 15.0.1.4 or later. For BIG-IP Advanced WAF and ASM version 14.1.x, update to version 14.1.2.5 or later. For BIG-IP Advanced WAF and ASM version 13.1.x, update to version 13.1.3.4 or later. For BIG-IP Advanced WAF and ASM version 12.1.x, update to version 12.1.5.2 or later. For BIG-IP Advanced WAF and ASM version 11.6.x, update to version 11.6.5.2 or later.