VYPR
Unrated severityNVD Advisory· Published Sep 14, 2021· Updated Aug 3, 2024

CVE-2021-23040

CVE-2021-23040

Description

On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected products

2
  • F5 Networks/BIG-IP AFMdescription
  • Range: >=12.1.0, <16.0.1.2; >=14.1.0, <14.1.4.2; >=15.1.0, <15.1.3; >=16.0.0, <16.0.1.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.