cbcvebase.
CVE-2021-23037
published 2021-09-14

CVE-2021-23037: On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed…

critical9.6CVSS 3.1
AVNACLPRNUIRSCCHIHAH
On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected

78 ranges· showing 25
VendorProductVersion rangeFixed in
f5big-ip_aam
f5big-ip_access_policy_manager
f5big-ip_access_policy_manager11.6.0 – 11.6.5
f5big-ip_access_policy_manager12.1.0 – 12.1.6
f5big-ip_access_policy_manager13.1.0 – 13.1.4
f5big-ip_access_policy_manager14.1.0 – 14.1.4
f5big-ip_access_policy_manager15.1.0 – 15.1.3
f5big-ip_access_policy_manager16.0.0 – 16.1.0
f5big-ip_advanced_firewall_manager11.6.0 – 11.6.5
f5big-ip_advanced_firewall_manager12.1.0 – 12.1.6
f5big-ip_advanced_firewall_manager13.1.0 – 13.1.4
f5big-ip_advanced_firewall_manager14.1.0 – 14.1.4
f5big-ip_advanced_firewall_manager15.1.0 – 15.1.3
f5big-ip_advanced_firewall_manager16.0.0 – 16.1.0
f5big-ip_afm
f5big-ip_analytics
f5big-ip_analytics11.6.0 – 11.6.5
f5big-ip_analytics12.1.0 – 12.1.6
f5big-ip_analytics13.1.0 – 13.1.4
f5big-ip_analytics14.1.0 – 14.1.4
f5big-ip_analytics15.1.0 – 15.1.3
f5big-ip_analytics16.0.0 – 16.1.0
f5big-ip_apm
f5big-ip_application_acceleration_manager11.6.0 – 11.6.5
f5big-ip_application_acceleration_manager12.1.0 – 12.1.6