Vulnerability in F5 Big-ip_access_policy_manager
CVE-2021-22987
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI…
EPSS: 0.137 (96.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
- F5 Big-ip_access_policy_manager
- F5 Big-ip_advanced_firewall_manager
- F5 Big-ip_advanced_web_application_firewall
- F5 Big-ip_analytics
- F5 Big-ip_application_acceleration_manager
- F5 Big-ip_application_security_manager
- F5 Big-ip_ddos_hybrid_defender
- F5 Big-ip_domain_name_system
- F5 Big-ip_fraud_protection_service
- F5 Big-ip_global_traffic_manager
Public proof-of-concept exploits
References
- f5sirt@f5.com (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2021-22987?
- CVE-2021-22987 is a critical-severity vulnerability in F5 Big-ip_access_policy_manager. CVSS score: 9.9/10. Published 2021-03-31.
- How severe is CVE-2021-22987?
- Critical severity. CVSS v3 base score is 9.9 out of 10.
- Is CVE-2021-22987 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.