CVE-2021-23046
First published: Tue Sep 14 2021(Updated: )
On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 BIG-IP Access Policy Manager | >=13.1.0<=13.1.4 | |
| F5 BIG-IP Access Policy Manager | >=14.1.0<=14.1.4 | |
| F5 BIG-IP Access Policy Manager | >=15.1.0<=15.1.3 | |
| F5 BIG-IP Access Policy Manager | >=16.0.0<16.1.0 | |
| F5 BIG-IP Guided Configuration | <8.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-23046?
CVE-2021-23046 is a vulnerability in F5 BIG-IP Guided Configuration that allows secure properties to be logged in restnoded logs.
What is the severity of CVE-2021-23046?
CVE-2021-23046 has a severity rating of 4.9 (medium).
Which software versions are affected by CVE-2021-23046?
CVE-2021-23046 affects F5 BIG-IP Access Policy Manager versions 13.1.0 to 13.1.4, 14.1.0 to 14.1.4, 15.1.0 to 15.1.3, and F5 BIG-IP Guided Configuration up to version 8.0.0.
How can I fix CVE-2021-23046?
To fix CVE-2021-23046, upgrade to F5 BIG-IP Guided Configuration version 8.0.0 or later.
Where can I find more information about CVE-2021-23046?
More information about CVE-2021-23046 can be found at the following link: [https://support.f5.com/csp/article/K70652532](https://support.f5.com/csp/article/K70652532).
- collector/nvd-index
- vendor/f5
- product/big-ip access policy manager
- canonical/f5 big-ip access policy manager
- product/big-ip guided configuration
- canonical/f5 big-ip guided configuration