What is CVE-2021-23037?

CVE-2021-23037 is a critical-severity vulnerability in F5 Big-ip_access_policy_manager, classified under Cross-site Scripting. CVSS score: 9.6/10. Published 2021-09-14.

How severe is CVE-2021-23037?

Critical severity. CVSS v3 base score is 9.6 out of 10.

XSS in F5 Big-ip_access_policy_manager

CVE-2021-23037

On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaSc…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.008 (51.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.6 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

F5 Big-ip_access_policy_manager
F5 Big-ip_advanced_firewall_manager
F5 Big-ip_analytics
F5 Big-ip_application_acceleration_manager
F5 Big-ip_application_security_manager
F5 Big-ip_domain_name_system
F5 Big-ip_fraud_protection_service
F5 Big-ip_global_traffic_manager
F5 Big-ip_link_controller
F5 Big-ip_local_traffic_manager

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

f5sirt@f5.com (x_refsource_MISC, Mitigation, Vendor Advisory)

Frequently asked questions

What is CVE-2021-23037?: CVE-2021-23037 is a critical-severity vulnerability in F5 Big-ip_access_policy_manager, classified under Cross-site Scripting. CVSS score: 9.6/10. Published 2021-09-14.
How severe is CVE-2021-23037?: Critical severity. CVSS v3 base score is 9.6 out of 10.