CVE-2021-23029 - AskarLabs CVE Database

CVE-2021-23029

Vendor N/A

Product BIG-IP Advanced WAF and BIG-IP ASM

Weakness CWE-918 · SSRF

Published September 14, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Key dates

02Disclosure timeline

September 14, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-23029

Related vulnerabilities

04Related CVE

CVE-2024-12121 Broken Link Checker | Finder <= 2.5.0 - Authenticated (Author+) Blind Server-Side Request Forgery CVE-2022-1784 Server-Side Request Forgery (SSRF) in jgraph/drawio CVE-2022-42343 Adobe Campaign Classic Server-Side Request Forgery Arbitrary file system read CVE-2026-1356 Converter for Media – Optimize images | Convert WebP & AVIF <= 6.5.1 - Unauthenticated Server-Side Request Forgery via src CVE-2022-2267 MailChimp for Woocommerce < 2.7.1 - Subscriber+ SSRF