How severe is CVE-2021-23002?

Medium severity. CVSS v3 base score is 4.5 out of 10.

Is CVE-2021-23002 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in F5 Access_policy_manager_clients

CVE-2021-23002

When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before…

EPSS: 0.003 (25.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.5 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.

Affected products

F5 Access_policy_manager_clients
F5 Big-ip_access_policy_manager
N/a Big-ip Apm And Edge Client — versions BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, all 12.1.x and 11.6.x versions, Edge Client 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, 7.1.8.x before 7.1.8.5

Public proof-of-concept exploits

References

f5sirt@f5.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-23002?: CVE-2021-23002 is a medium-severity vulnerability in F5 Access_policy_manager_clients. CVSS score: 4.5/10. Published 2021-03-31.
How severe is CVE-2021-23002?: Medium severity. CVSS v3 base score is 4.5 out of 10.
Is CVE-2021-23002 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.