CVE-2021-23052 — Open Redirect in F5 Big-ip Access Policy Manager

CWE-601 — Open Redirect4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 55.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip APM

Timeline

PublishedSep 14

Latest updateMay 24

Description

On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDf5/big-ip_access_policy_manager14.1.0 — 14.1.4.4+1

▶CVEListV5f5/big-ip_apm14.1.x before 14.1.4.4 and all versions of 13.1.x

🔴Vulnerability Details

GHSA

GHSA-pjwq-vqfj-r3hh: On version 14↗2022-05-24

▶

CVEList

CVE-2021-23052: On version 14↗2021-09-14

▶

📋Vendor Advisories

CVE-2021-23052: On version 14↗2021-09-14

▶