CVE-2021-23026

Published: Sep 14, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vendor	Product	Versions
n/a	BIG-IP & BIG-IQ	affected `BIG-IP 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x` affected `all versions of BIG-IQ 8.x, 7.x, and 6.x`

Weaknesses (CWE)

CWE-352

References

https://support.f5.com/csp/article/K53854428

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-23026

Description

Affected Products

Weaknesses (CWE)

References