PT-2021-15364 · F5 · Big-Ip Afm
Published
2021-09-14
·
Updated
2021-09-24
·
CVE-2021-23040
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
BIG-IP AFM versions 12.1.x
BIG-IP AFM versions 13.1.x before 13.1.4.1
BIG-IP AFM versions 14.1.x before 14.1.4.2
BIG-IP AFM versions 15.1.x before 15.1.3
BIG-IP AFM versions 16.0.x before 16.0.1.2
Description
A SQL injection issue exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned.
Recommendations
For BIG-IP AFM version 12.1.x, update to a version after 12.1.x.
For BIG-IP AFM versions 13.1.x before 13.1.4.1, update to version 13.1.4.1 or later.
For BIG-IP AFM versions 14.1.x before 14.1.4.2, update to version 14.1.4.2 or later.
For BIG-IP AFM versions 15.1.x before 15.1.3, update to version 15.1.3 or later.
For BIG-IP AFM versions 16.0.x before 16.0.1.2, update to version 16.0.1.2 or later.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Big-Ip Afm