PT-2021-15377 · F5 · BIG-IP APM

Published: 2021-09-27 · Updated: 2021-10-04 · CVE-2021-23054

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

BIG-IP APM versions 11.6.x
BIG-IP APM versions 12.1.x
BIG-IP APM versions 13.1.x
BIG-IP APM versions 14.1.x through 14.1.4.4
BIG-IP APM versions 15.1.x through 15.1.4
BIG-IP APM versions 16.x through 16.1.0
Description

A reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. The page does not sufficiently validate its input, so attacker-controlled script can be injected into it. Exploitation requires a user to click a specially crafted link, after which the injected script runs in the victim's browser in the context of the APM session.
Recommendations

For versions 11.6.x: consider disabling the resource information page for authenticated users until a patch is available.
For versions 12.1.x: restrict access to the resource information page to minimize the risk of exploitation.
For versions 13.1.x: avoid using the full webtop configuration until the issue is resolved.
For versions 14.1.x through 14.1.4.4: update to version 14.1.4.4 or later.
For versions 15.1.x through 15.1.4: update to version 15.1.4 or later.
For versions 16.x through 16.1.0: update to version 16.1.0 or later.

Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2021-23054

Affected Products: BIG-IP APM