CVE-2021-23046

CWE-532Log File Information Exposure4 documents4 sources
Severity
4.9MEDIUM
EPSS
0.2%
top 52.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
F5 Big-ip Access Policy ManagerF5 Big-ip Guided Configuration
Timeline
PublishedSep 14
Latest updateMay 24

Description

On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages3 packages

CVEListV5big-ip_guided_configurationAll versions before 8.0.0
NVDf5/big-ip_access_policy_manager16.0.016.1.0+3

🔴Vulnerability Details

2
GHSA
GHSA-rcxf-wcpq-j795: On all versions of Guided Configuration before 82022-05-24
CVEList
CVE-2021-23046: On all versions of Guided Configuration before 82021-09-14

📋Vendor Advisories

1
F5
CVE-2021-23046: On all versions of Guided Configuration before 82021-09-14
CVE-2021-23046 (MEDIUM CVSS 4.9) | On all versions of Guided Configura | cvebase.io