First published: Tue Sep 14 2021
On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Credit: f5sirt@f5.com
Affected Software | Affected Version | How to fix
---|---|---
F5 BIG-IP Access Policy Manager | >=13.1.0, <=13.1.4 (advisory text: all 13.1.x) | No fixed 13.1.x release listed
F5 BIG-IP Access Policy Manager | >=14.1.0, <14.1.4.4 | Upgrade to 14.1.4.4 or later
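The following is an added example, not F5 code or anything from the advisory itself: a small classifier that encodes the affected ranges stated on this page so an operator can check a fleet's version strings without reading the table by hand. It assumes BIG-IP versions are dotted integers of up to four components (for example "14.1.4.3", as `tmsh show sys version` prints them); that format and the helper names are assumptions. Branches the advisory does not mention, including End of Technical Support releases, are reported as "not listed" rather than "not affected", because the advisory says those were not evaluated.

```python
"""Classify a BIG-IP APM version against the CVE-2021-23052 ranges on this page.

Added example, not F5 code. Ranges come from the advisory text and table;
the dotted-integer version format is an assumption.
"""
from typing import Tuple

FIXED_14_1 = (14, 1, 4, 4)   # first fixed release on the 14.1 branch per the advisory


def parse_version(s: str) -> Tuple[int, int, int, int]:
    """Turn "14.1.4.3" into (14, 1, 4, 3), zero-padding short forms like "14.1".

    Raises ValueError on anything that is not dotted integers, so a typo or an
    unexpected build string is never silently classified as 'not affected'.
    """
    parts = s.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected BIG-IP version string: {s!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def classify(version: str) -> str:
    """Return 'affected', 'fixed' or 'not listed' for CVE-2021-23052.

    'not listed' covers branches the advisory does not mention, including
    EoTS releases, which the advisory states were not evaluated.
    """
    v = parse_version(version)
    if v[:2] == (13, 1):
        # Advisory: every 13.1.x release is affected; no fixed 13.1 release is given.
        return "affected"
    if v[:2] == (14, 1):
        # 14.1.0 up to but not including 14.1.4.4 is affected.
        return "affected" if v < FIXED_14_1 else "fixed"
    return "not listed"


def remediation(version: str) -> str:
    """One-line action for an operator, derived from classify()."""
    status = classify(version)
    if status == "affected":
        return f"{version}: affected; upgrade to 14.1.4.4 or later"
    if status == "fixed":
        return f"{version}: contains the fix for CVE-2021-23052"
    return f"{version}: not covered by this advisory; check F5's current advisory"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for v in ("13.1.3.6", "14.1.4.3", "14.1.4.4", "14.1.4.6", "15.1.3"):
        print(remediation(v))
```

Feed it the version strings from your inventory; anything that raises ValueError deserves a manual look rather than a guess.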
The severity of CVE-2021-23052 is rated as medium with a CVSS score of 6.1.
To fix CVE-2021-23052 on the 14.1 branch, upgrade F5 BIG-IP Access Policy Manager to version 14.1.4.4 or later. The advisory lists every 13.1.x release as affected and gives no fixed 13.1.x version, so a 13.1.x deployment should plan an upgrade to 14.1.4.4 or later rather than wait for a 13.1 fix.
CVE-2021-23052 lets an unauthenticated attacker craft a URL on an APM-enabled virtual server that redirects the visitor to an attacker-chosen destination; the usual abuse is a phishing link that borrows the credibility of the trusted hostname.
Affected versions are 14.1.x before 14.1.4.4 and all 13.1.x releases; versions that have reached End of Technical Support were not evaluated.
CVE-2021-23052 is an open redirect (CWE-601, URL Redirection to Untrusted Site).
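The advisory does not say which APM parameter carries the redirect target, so the following is an added, generic illustration of the vulnerability class and not F5's code or APM's actual logic: a redirect-target validator of the kind any post-login handler (for example an application sitting behind an APM virtual server) should apply, next to the naive "starts with a slash" check that open redirects typically slip past. The hostname `vpn.example.com`, the function names and the sample targets are assumptions constructed for the example.

```python
"""Safe vs naive handling of a user-supplied post-login redirect target.

Added example, not F5 or APM code. SITE_HOST and the inputs are constructed.
"""
import re
from urllib.parse import urlsplit

SITE_HOST = "vpn.example.com"          # assumed hostname of the protected virtual server

# C0 control characters, space and DEL: browsers strip or reinterpret some of
# these, so a string check that passed could be parsed differently client-side.
_CTRL = re.compile(r"[\x00-\x20\x7f]")


def naive_is_local(target: str) -> bool:
    """The broken check: 'starts with /' is taken to mean same-origin.

    It accepts "//evil.example" and "/\\evil.example", both of which browsers
    treat as scheme-relative URLs pointing at another host.
    """
    return target.startswith("/")


def safe_redirect_target(target: str, fallback: str = "/") -> str:
    """Return target only if it lands on SITE_HOST, otherwise the fallback path.

    Accepted forms: a path with exactly one leading slash, or an absolute
    https URL whose authority is exactly SITE_HOST (no userinfo, no port).
    Everything else, including anything ambiguous, goes to the fallback.
    """
    if not target or _CTRL.search(target):
        return fallback
    t = target.replace("\\", "/")          # browsers treat "\" as "/" in http(s) URLs
    parts = urlsplit(t)
    if parts.scheme:
        # Absolute form: https only, and the authority must be exactly our host.
        # "https:////evil.example" parses with an empty netloc here but a real
        # browser would go to evil.example, so the equality test rejects it.
        if parts.scheme.lower() != "https" or parts.netloc.lower() != SITE_HOST:
            return fallback
        path, query = parts.path or "/", parts.query
    else:
        # Relative form: one leading slash. "//host" is scheme-relative, not a path.
        if not t.startswith("/") or t.startswith("//"):
            return fallback
        path, query = parts.path, parts.query
    if path.startswith("//"):              # some clients re-parse this as an authority
        return fallback
    return path + ("?" + query if query else "")


if __name__ == "__main__":
    # Constructed probe values, not observed traffic.
    for probe in ("/dashboard?next=1", "//evil.example/", "/\\evil.example",
                  "https://evil.example/", "https://vpn.example.com/ok",
                  "https:////evil.example", "javascript:alert(1)"):
        print(f"{probe!r:32} naive={naive_is_local(probe)!s:5} safe -> {safe_redirect_target(probe)!r}")
```

The point of comparing the two functions is that the naive check passes the scheme-relative and backslash forms, which is exactly how an "internal path only" filter becomes an open redirect; the hardened version whitelists the shape of acceptable input instead of blacklisting known-bad prefixes.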