CVE-2021-23026

Name of the Vulnerable Software and Affected Versions BIG-IP versions 16.0.x through 16.0.1.1 BIG-IP versions 15.1.x through 15.1.2 BIG-IP versions 14.1.x through 14.1.4.1 BIG-IP versions 13.1.x through 13.1.4.0 BIG-IP version 12.1.x BIG-IP version 11.6.x BIG-IQ versions 8.x BIG-IQ versions 7.x BIG-IQ versions 6.x

Description The issue allows for cross-site request forgery (CSRF) attacks through iControl SOAP. This can be exploited to perform unauthorized actions on the affected system.

Recommendations For BIG-IP versions 16.0.x, update to version 16.0.1.2 or later. For BIG-IP versions 15.1.x, update to version 15.1.3 or later. For BIG-IP versions 14.1.x, update to version 14.1.4.2 or later. For BIG-IP versions 13.1.x, update to version 13.1.4.1 or later. For BIG-IP versions 12.1.x and 11.6.x, and all versions of BIG-IQ 8.x, 7.x, and 6.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.