Search

Find a vulnerability

Search criteria

    33 vulnerabilities found for SSL Orchestrator by F5

    CVE-2026-42780 (GCVE-0-2026-42780)

    Vulnerability from nvd – Published: 2026-05-13 14:12 – Updated: 2026-05-13 16:16
    VLAI
    Title
    BIG-IP SSL Orchestrator vulnerability
    Summary
    A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000149743 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 BIG-IP Unaffected: 21.1.0 , < * (custom)
    Affected: 21.0.0 , < 21.0.0.1 (custom)
    Affected: 17.5.0 , < 17.5.1.5 (custom)
    Affected: 17.1.0 , < 17.1.3.1 (custom)
    Affected: 16.1.0 , < * (custom)
    Create a notification for this product.
    F5 SSL Orchestrator Unaffected: 14.0 , < * (custom)
    Affected: 13.0 , < 13.1.3 (custom)
    Affected: 12.0 , < 12.3.2 (custom)
    Affected: 11.0 , < 11.4.1 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42780",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T16:01:28.405672Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T16:16:50.731Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "SSLO"
              ],
              "product": "BIG-IP",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "21.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "21.0.0.1",
                  "status": "affected",
                  "version": "21.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "17.5.1.5",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "17.1.3.1",
                  "status": "affected",
                  "version": "17.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "16.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SSL Orchestrator",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "13.1.3",
                  "status": "affected",
                  "version": "13.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "12.3.2",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.4.1",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-05-13T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files.\u003c/span\u003e\n\u0026nbsp;Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files.\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T14:12:29.197Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000149743"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "BIG-IP SSL Orchestrator vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-42780",
        "datePublished": "2026-05-13T14:12:29.197Z",
        "dateReserved": "2026-04-30T23:02:33.926Z",
        "dateUpdated": "2026-05-13T16:16:50.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41430 (GCVE-0-2025-41430)

    Vulnerability from nvd – Published: 2025-10-15 13:55 – Updated: 2026-02-26 16:57
    VLAI
    Title
    BIG-IP SSL Orchestrator vulnerability
    Summary
    When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Affected: 17.5.0 , < 17.5.1 (custom)
    Affected: 17.1.0 , < 17.1.3 (custom)
    Affected: 16.1.0 , < 16.1.4 (custom)
    Affected: 15.1.0 , < * (custom)
    Create a notification for this product.
    F5 SSL Orchestrator Affected: 12.0 , < 12.1 (custom)
    Affected: 11.0 , < 11.2 (custom)
    Affected: 9.0 , < 9.4 (custom)
    Affected: 7.0 , < * (custom)
    Create a notification for this product.
    Date Public
    2025-10-15 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41430",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T03:56:31.442039Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:57:43.365Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "SSL Orchestrator"
              ],
              "product": "BIG-IP",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "17.5.1",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "17.1.3",
                  "status": "affected",
                  "version": "17.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "16.1.4",
                  "status": "affected",
                  "version": "16.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "15.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SSL Orchestrator",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "12.1",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.2",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2025-10-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.\u003c/span\u003e \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T13:55:48.081Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000150667"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "BIG-IP SSL Orchestrator vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2025-41430",
        "datePublished": "2025-10-15T13:55:48.081Z",
        "dateReserved": "2025-04-23T22:28:44.389Z",
        "dateUpdated": "2026-02-26T16:57:43.365Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42780 (GCVE-0-2026-42780)

    Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-13 16:16
    VLAI
    Title
    BIG-IP SSL Orchestrator vulnerability
    Summary
    A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000149743 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 BIG-IP Unaffected: 21.1.0 , < * (custom)
    Affected: 21.0.0 , < 21.0.0.1 (custom)
    Affected: 17.5.0 , < 17.5.1.5 (custom)
    Affected: 17.1.0 , < 17.1.3.1 (custom)
    Affected: 16.1.0 , < * (custom)
    Create a notification for this product.
    F5 SSL Orchestrator Unaffected: 14.0 , < * (custom)
    Affected: 13.0 , < 13.1.3 (custom)
    Affected: 12.0 , < 12.3.2 (custom)
    Affected: 11.0 , < 11.4.1 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42780",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T16:01:28.405672Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T16:16:50.731Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "SSLO"
              ],
              "product": "BIG-IP",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "21.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "21.0.0.1",
                  "status": "affected",
                  "version": "21.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "17.5.1.5",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "17.1.3.1",
                  "status": "affected",
                  "version": "17.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "16.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SSL Orchestrator",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "13.1.3",
                  "status": "affected",
                  "version": "13.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "12.3.2",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.4.1",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-05-13T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files.\u003c/span\u003e\n\u0026nbsp;Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files.\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T14:12:29.197Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000149743"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "BIG-IP SSL Orchestrator vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-42780",
        "datePublished": "2026-05-13T14:12:29.197Z",
        "dateReserved": "2026-04-30T23:02:33.926Z",
        "dateUpdated": "2026-05-13T16:16:50.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41430 (GCVE-0-2025-41430)

    Vulnerability from cvelistv5 – Published: 2025-10-15 13:55 – Updated: 2026-02-26 16:57
    VLAI
    Title
    BIG-IP SSL Orchestrator vulnerability
    Summary
    When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Affected: 17.5.0 , < 17.5.1 (custom)
    Affected: 17.1.0 , < 17.1.3 (custom)
    Affected: 16.1.0 , < 16.1.4 (custom)
    Affected: 15.1.0 , < * (custom)
    Create a notification for this product.
    F5 SSL Orchestrator Affected: 12.0 , < 12.1 (custom)
    Affected: 11.0 , < 11.2 (custom)
    Affected: 9.0 , < 9.4 (custom)
    Affected: 7.0 , < * (custom)
    Create a notification for this product.
    Date Public
    2025-10-15 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41430",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T03:56:31.442039Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:57:43.365Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "SSL Orchestrator"
              ],
              "product": "BIG-IP",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "17.5.1",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "17.1.3",
                  "status": "affected",
                  "version": "17.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "16.1.4",
                  "status": "affected",
                  "version": "16.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "15.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SSL Orchestrator",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "12.1",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.2",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2025-10-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.\u003c/span\u003e \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T13:55:48.081Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000150667"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "BIG-IP SSL Orchestrator vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2025-41430",
        "datePublished": "2025-10-15T13:55:48.081Z",
        "dateReserved": "2025-04-23T22:28:44.389Z",
        "dateUpdated": "2026-02-26T16:57:43.365Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    VAR-202510-1106

    Vulnerability from variot - Updated: 2025-11-19 23:21

    When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. An attacker could exploit this vulnerability to cause system performance degradation, ultimately forcing or manually restarting the Traffic Management Microkernel (TMM) process, resulting in a denial of service (DoS)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202510-1106",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "big-ip ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.3"
          },
          {
            "model": "big-ip ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "big-ip ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10.8"
          },
          {
            "model": "big-ip ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.6"
          },
          {
            "model": "big-ip",
            "scope": null,
            "trust": 0.6,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "ssl orchestrator",
            "scope": null,
            "trust": 0.6,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-25372"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-55036"
          }
        ]
      },
      "cve": "CVE-2025-55036",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-25372",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "f5sirt@f5.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-55036",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "f5sirt@f5.com",
                "id": "CVE-2025-55036",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-25372",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-25372"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-55036"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption. \u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. An attacker could exploit this vulnerability to cause system performance degradation, ultimately forcing or manually restarting the Traffic Management Microkernel (TMM) process, resulting in a denial of service (DoS)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-55036"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-25372"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-55036",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-25372",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-25372"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-55036"
          }
        ]
      },
      "id": "VAR-202510-1106",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-25372"
          }
        ],
        "trust": 1.0615448
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-25372"
          }
        ]
      },
      "last_update_date": "2025-11-19T23:21:10.304000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for F5 BIG-IP SSL Orchestrator Memory Corruption Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/744131"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-25372"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-55036"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://my.f5.com/manage/s/article/k000151368"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-55036"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-25372"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-55036"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-25372"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-55036"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-25372"
          },
          {
            "date": "2025-10-15T14:15:51.293000",
            "db": "NVD",
            "id": "CVE-2025-55036"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-25372"
          },
          {
            "date": "2025-10-21T20:08:11.750000",
            "db": "NVD",
            "id": "CVE-2025-55036"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "F5 BIG-IP SSL Orchestrator Memory Corruption Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-25372"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0654

    Vulnerability from variot - Updated: 2025-11-18 15:14

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could be exploited by an attacker to run code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0654",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-iq centralized management",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-iq centralized management",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7.1.0.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-iq centralized management",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-iq centralized management",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "6.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-iq centralized management",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "6.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-iq centralized management",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7.0.0.2"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005030"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22986"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Al1ex",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-770"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-22986",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-22986",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-381472",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-22986",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-22986",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22986",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2021-22986",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22986",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202103-770",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381472",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-22986",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22986"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-770"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005030"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22986"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22986"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could be exploited by an attacker to run code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22986"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005030"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22986"
          }
        ],
        "trust": 1.8
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-381472",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22986",
            "trust": 2.6
          },
          {
            "db": "PACKETSTORM",
            "id": "162059",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "162066",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005030",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-770",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0872.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0870",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "49738",
            "trust": 0.6
          },
          {
            "db": "CXSECURITY",
            "id": "WLB-2021040027",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16852",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16850",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16851",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16849",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-99156",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-381472",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22986",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22986"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-770"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005030"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22986"
          }
        ]
      },
      "id": "VAR-202103-0654",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-11-18T15:14:29.802000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K03009991",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K03009991"
          },
          {
            "title": "F5 BIG-IP Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144295"
          },
          {
            "title": "CVE-2021-22986-Poc",
            "trust": 0.1,
            "url": "https://github.com/dorkerdevil/CVE-2021-22986-Poc "
          },
          {
            "title": "CVE-2021-22986",
            "trust": 0.1,
            "url": "https://github.com/Udyz/CVE-2021-22986 "
          },
          {
            "title": "linbing",
            "trust": 0.1,
            "url": "https://github.com/taomujian/linbing "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-22986"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-770"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005030"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-918",
            "trust": 1.1
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-120",
            "trust": 0.1
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005030"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22986"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "http://packetstormsecurity.com/files/162066/f5-big-ip-16.0.x-remote-code-execution.html"
          },
          {
            "trust": 2.2,
            "url": "http://packetstormsecurity.com/files/162059/f5-icontrol-server-side-request-forgery-remote-command-execution.html"
          },
          {
            "trust": 1.6,
            "url": "https://support.f5.com/csp/article/k03009991"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22986"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2021-22986"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0872.2"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0870"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/issue/wlb-2021040027"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-code-execution-via-icontrol-rest-34806"
          },
          {
            "trust": 0.6,
            "url": "https://www.exploit-db.com/exploits/49738"
          },
          {
            "trust": 0.1,
            "url": "https://support.f5.com/csp/article/k52510511"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-770"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005030"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22986"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22986"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-770"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005030"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22986"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22986"
          },
          {
            "date": "2021-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-770"
          },
          {
            "date": "2021-12-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005030"
          },
          {
            "date": "2021-03-31T15:15:15.153000",
            "db": "NVD",
            "id": "CVE-2021-22986"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "date": "2022-07-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22986"
          },
          {
            "date": "2022-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-770"
          },
          {
            "date": "2021-12-06T07:09:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005030"
          },
          {
            "date": "2025-10-27T17:06:56.680000",
            "db": "NVD",
            "id": "CVE-2021-22986"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-770"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BIG-IP\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005030"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-770"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0965

    Vulnerability from variot - Updated: 2025-11-18 15:14

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may theoretically allow bypass of URL based access control or remote code execution (RCE). Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could be exploited by an attacker to run code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0965",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005131"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22991"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Google Security Research",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-784"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-22991",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-22991",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-381472",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-22991",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-22991",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22991",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2021-22991",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22991",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202103-784",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381472",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-22991",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22991"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-784"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005131"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22991"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22991"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may theoretically allow bypass of URL based access control or remote code execution (RCE). Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could be exploited by an attacker to run code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22991"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005131"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22991"
          }
        ],
        "trust": 1.8
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-381472",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22991",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005131",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "161752",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0875",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-784",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16852",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16850",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16851",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16849",
            "trust": 0.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-770",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "162059",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "162066",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-99156",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-381472",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22991",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22991"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-784"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005131"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22991"
          }
        ]
      },
      "id": "VAR-202103-0965",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-11-18T15:14:29.761000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K56715231",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K56715231"
          },
          {
            "title": "F5 BIG-IP Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146016"
          },
          {
            "title": "The Register",
            "trust": 0.2,
            "url": "https://www.theregister.co.uk/2021/03/11/f5_critical_flaws/"
          },
          {
            "title": "F5\u306e\u8106\u5f31\u6027\u60c5\u5831",
            "trust": 0.1,
            "url": "https://github.com/DNTYO/F5_Vulnerability "
          },
          {
            "title": "\u4e3b\u6d41\u4f9b\u5e94\u5546\u7684\u4e00\u4e9b\u653b\u51fb\u6027\u6f0f\u6d1e\u6c47\u603b",
            "trust": 0.1,
            "url": "https://github.com/r0eXpeR/supplier "
          },
          {
            "title": "Vulnerability",
            "trust": 0.1,
            "url": "https://github.com/tzwlhack/Vulnerability "
          },
          {
            "title": "SecBooks\nSecBooks\u76ee\u5f55",
            "trust": 0.1,
            "url": "https://github.com/SexyBeast233/SecBooks "
          },
          {
            "title": "Known Exploited Vulnerabilities Detector",
            "trust": 0.1,
            "url": "https://github.com/Ostorlab/KEV "
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/f5-cisa-critical-rce-bugs/164679/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-22991"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-784"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005131"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-120",
            "trust": 0.1
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.1
          },
          {
            "problemtype": "CWE-918",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005131"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22991"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k56715231"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22991"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2021-22991"
          },
          {
            "trust": 0.7,
            "url": "https://packetstormsecurity.com/files/161752/f5-big-ip-tmm-uri_normalize_host-information-disclosure-out-of-bounds-write.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0875"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-buffer-overflow-via-tmm-uri-normalization-34817"
          },
          {
            "trust": 0.1,
            "url": "https://support.f5.com/csp/article/k52510511"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/f5-cisa-critical-rce-bugs/164679/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22991"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-784"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005131"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22991"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22991"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-784"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005131"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22991"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22991"
          },
          {
            "date": "2021-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-784"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005131"
          },
          {
            "date": "2021-03-31T18:15:14.787000",
            "db": "NVD",
            "id": "CVE-2021-22991"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "date": "2023-08-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22991"
          },
          {
            "date": "2022-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-784"
          },
          {
            "date": "2021-12-08T04:37:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005131"
          },
          {
            "date": "2025-10-27T17:06:52.600000",
            "db": "NVD",
            "id": "CVE-2021-22991"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-784"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BIG-IP\u00a0 Buffer Overflow Vulnerability in Linux",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005131"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-784"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-1393

    Vulnerability from variot - Updated: 2025-11-18 15:12

    In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. F5 BIG-IP devices provide load-balancing capability to application services such as HTTP and DNS. The F5 BIG-IP TMUI management web interface improperly neutralizes untrusted user input and can be abused by unauthenticated remote attackers to perform malicious activities such as cross-site scripting (XSS), cross-site request forgery (CSRF), and command injection CWE-74. F5 has also announced that BIG-IP devices do not properly enforce access controls to sensitive configuration files that be read and overwritten by an authenticated user via Secure Copy (SCP). The vulnerability identified by CVE-2020-0592 can be abused to achieve arbitrary code execution on the target device with root privileges. Underlying causes and factors in these vulnerabilities include: Improper configuration and a lack of identify checks, see recent article from NCC Group. Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 The TMUI fails to enforce proper authentication and authorization, see OWASP Recommendations The TMUI web interface does not normalize user's input to prevent both XSS and CSRF, allowing a "Deadly Combinations of XSS and CSRF" Lack of role-based access checks allows for for unexpected file access, see Role-Based Access Control Models F5 recommends that the TMUI web interface should be accessible only from a secure or an out-of-band network and not directly from the Internet (K13092). However, many installations, as observed by Bad Packets, do not seem to follow this recommendation. An unauthenticated attacker with network access to the TMUI may be able to execute arbitrary system commands, create or delete files, disable services, and subsequently execute arbitrary code with high privileges such as root. An authenticated user is also be able to perform unexpected activities such as changing configuration files on a vulnerable device. plural BIG-IP The product contains a code injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. The following products and versions are affected: F5 BIG-IP Version 15.1.0, Version 15.0.0, Version 14.1.0 to Version 14.1.2, Version 13.1.0 to Version 13.1.3, Version 12.1.0 to Version 12.1.5 , version 11.6.1 to version 11.6.5. ## RCE:

    curl -v -k 'https://[F5 Host]/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin'

    Read File:

    curl -v -k 'https://[F5 Host]/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd'

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1393",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.6"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.6"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.6"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.6"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.6"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.6"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.4"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.6"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.6"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.6"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.6"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.4"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.6"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.6"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007318"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5902"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_access_policy_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_advanced_firewall_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_advanced_web_application_firewall",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_analytics",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_application_acceleration_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_application_security_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_ddos_hybrid_defender",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_domain_name_system",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_fraud_protection_service",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_global_traffic_manager",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007318"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Several of these vulnerabilities were reported by Mikhail Klyuchnikov of Positive Technologies, who worked with F5 on a coordinated disclosure. This document was written by Vijay Sarvepalli. ",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#290915"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2020-5902",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5902",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007318",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-184027",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5902",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007318",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5902",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2020-5902",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007318",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-053",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-184027",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-5902",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184027"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5902"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007318"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5902"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5902"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. F5 BIG-IP devices provide load-balancing capability to application services such as HTTP and DNS. The F5 BIG-IP TMUI management web interface improperly neutralizes untrusted user input and can be abused by unauthenticated remote attackers to perform malicious activities such as cross-site scripting (XSS), cross-site request forgery (CSRF), and command injection CWE-74. F5 has also announced that BIG-IP devices do not properly enforce access controls to sensitive configuration files that be read and overwritten by an authenticated user via Secure Copy (SCP). The vulnerability identified by CVE-2020-0592 can be abused to achieve arbitrary code execution on the target device with root privileges. Underlying causes and factors in these vulnerabilities include:  Improper configuration and a lack of identify checks, see recent article from NCC Group. Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 The TMUI fails to enforce proper authentication and authorization, see OWASP Recommendations The TMUI web interface does not normalize user\u0027s input to prevent both XSS and CSRF, allowing a \"Deadly Combinations of XSS and CSRF\" Lack of role-based access checks allows for for unexpected file access, see Role-Based Access Control Models  F5 recommends that the TMUI web interface should be accessible only from a secure or an out-of-band network and not directly from the Internet (K13092). However, many installations, as observed by Bad Packets, do not seem to follow this recommendation. An unauthenticated attacker with network access to the TMUI may be able to execute arbitrary system commands, create or delete files, disable services, and subsequently execute arbitrary code with high privileges such as root. An authenticated user is also be able to perform unexpected activities such as changing configuration files on a vulnerable device. plural BIG-IP The product contains a code injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. The following products and versions are affected: F5 BIG-IP Version 15.1.0, Version 15.0.0, Version 14.1.0 to Version 14.1.2, Version 13.1.0 to Version 13.1.3, Version 12.1.0 to Version 12.1.5 , version 11.6.1 to version 11.6.5. ## RCE: \n\ncurl -v -k  \u0027https://[F5 Host]/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin\u0027\n\n## Read File: \n\ncurl -v -k  \u0027https://[F5 Host]/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd\u0027\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5902"
          },
          {
            "db": "CERT/CC",
            "id": "VU#290915"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007318"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184027"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5902"
          },
          {
            "db": "PACKETSTORM",
            "id": "158333"
          }
        ],
        "trust": 2.61
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-184027",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184027"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5902",
            "trust": 3.6
          },
          {
            "db": "CERT/CC",
            "id": "VU#290915",
            "trust": 3.3
          },
          {
            "db": "PACKETSTORM",
            "id": "158333",
            "trust": 1.8
          },
          {
            "db": "PACKETSTORM",
            "id": "158366",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "158334",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "158581",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "158414",
            "trust": 1.2
          },
          {
            "db": "PACKETSTORM",
            "id": "175671",
            "trust": 1.0
          },
          {
            "db": "JVN",
            "id": "JVNVU90376702",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007318",
            "trust": 0.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "48711",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-053",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2260.6",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2260.5",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2260",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2260.7",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2260.3",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2260.2",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47132",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47063",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "48642",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-98285",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-184027",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5902",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#290915"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184027"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5902"
          },
          {
            "db": "PACKETSTORM",
            "id": "158414"
          },
          {
            "db": "PACKETSTORM",
            "id": "158333"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007318"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5902"
          }
        ]
      },
      "id": "VAR-202007-1393",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184027"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-11-18T15:12:19.532000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K52145254",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K52145254"
          },
          {
            "title": "cve-2020-5902",
            "trust": 0.1,
            "url": "https://github.com/r0ttenbeef/cve-2020-5902 "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/theLSA/f5-bigip-rce-cve-2020-5902 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-5902"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007318"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-94",
            "trust": 0.9
          },
          {
            "problemtype": "CWE-74",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-829",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#290915"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184027"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007318"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5902"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://www.kb.cert.org/vuls/id/290915"
          },
          {
            "trust": 2.5,
            "url": "https://support.f5.com/csp/article/k52145254"
          },
          {
            "trust": 2.3,
            "url": "http://packetstormsecurity.com/files/158366/f5-big-ip-tmui-directory-traversal-file-upload-code-execution.html"
          },
          {
            "trust": 2.3,
            "url": "http://packetstormsecurity.com/files/158414/checker-cve-2020-5902.html"
          },
          {
            "trust": 2.3,
            "url": "http://packetstormsecurity.com/files/158581/f5-big-ip-13.1.3-build-0.0.6-local-file-inclusion.html"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/158333/big-ip-tmui-remote-code-execution.html"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/158334/big-ip-tmui-remote-code-execution.html"
          },
          {
            "trust": 1.7,
            "url": "https://badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/critical-start/team-ares/tree/master/cve-2020-5902"
          },
          {
            "trust": 1.7,
            "url": "https://swarm.ptsecurity.com/rce-in-f5-big-ip/"
          },
          {
            "trust": 1.7,
            "url": "https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/"
          },
          {
            "trust": 1.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5902"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2020-5902"
          },
          {
            "trust": 1.0,
            "url": "http://packetstormsecurity.com/files/175671/f5-big-ip-tmui-directory-traversal-file-upload-code-execution.html"
          },
          {
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/k43638305"
          },
          {
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/k31301245"
          },
          {
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/k07051153"
          },
          {
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/k82518062"
          },
          {
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/k00091341"
          },
          {
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/k33023560"
          },
          {
            "trust": 0.8,
            "url": "https://github.com/yassineaboukir/cve-2020-5902"
          },
          {
            "trust": 0.8,
            "url": "https://research.nccgroup.com/2020/07/12/understanding-the-root-cause-of-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5902"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu90376702/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2260/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2260.7/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2260.5/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2260.6/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2260.3/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2260.2/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-code-execution-via-tmui-32662"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47063"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47132"
          },
          {
            "trust": 0.6,
            "url": "https://www.exploit-db.com/exploits/48711"
          },
          {
            "trust": 0.1,
            "url": "https://[f5"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#290915"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184027"
          },
          {
            "db": "PACKETSTORM",
            "id": "158414"
          },
          {
            "db": "PACKETSTORM",
            "id": "158333"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007318"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5902"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#290915"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184027"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5902"
          },
          {
            "db": "PACKETSTORM",
            "id": "158414"
          },
          {
            "db": "PACKETSTORM",
            "id": "158333"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007318"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5902"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#290915"
          },
          {
            "date": "2020-07-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-184027"
          },
          {
            "date": "2020-07-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5902"
          },
          {
            "date": "2020-07-14T19:35:45",
            "db": "PACKETSTORM",
            "id": "158414"
          },
          {
            "date": "2020-07-07T16:03:54",
            "db": "PACKETSTORM",
            "id": "158333"
          },
          {
            "date": "2020-07-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-053"
          },
          {
            "date": "2020-08-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007318"
          },
          {
            "date": "2020-07-01T15:15:15.360000",
            "db": "NVD",
            "id": "CVE-2020-5902"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#290915"
          },
          {
            "date": "2022-07-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-184027"
          },
          {
            "date": "2023-11-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5902"
          },
          {
            "date": "2022-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-053"
          },
          {
            "date": "2020-08-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007318"
          },
          {
            "date": "2025-10-27T17:07:00.147000",
            "db": "NVD",
            "id": "CVE-2020-5902"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-053"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#290915"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-053"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-1018

    Vulnerability from variot - Updated: 2025-04-20 23:31

    F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic. The former is a set of templates for configuring outbound security devices for decrypting SSL traffic in LTM; the latter is a set of solutions designed to optimize SSL infrastructure and provide security devices. Attackers can exploit this vulnerability to implement server-side request forgery attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-1018",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ssl orchestrator",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "f5",
            "version": "2.0"
          },
          {
            "model": "ssl intercept iapp",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "f5",
            "version": "1.5.7"
          },
          {
            "model": "ssl intercept iapp",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "f5",
            "version": "1.5.0"
          },
          {
            "model": "ssl intercept iapp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "f5",
            "version": "1.5.0 to  1.5.7"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-790"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6130"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:f5:ssl_intercept_iapp",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:ssl_orchestrator",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002990"
          }
        ]
      },
      "cve": "CVE-2017-6130",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-6130",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-114333",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-6130",
                "impactScore": 4.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-6130",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-6130",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201702-790",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-114333",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114333"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-790"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6130"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic. The former is a set of templates for configuring outbound security devices for decrypting SSL traffic in LTM; the latter is a set of solutions designed to optimize SSL infrastructure and provide security devices. Attackers can exploit this vulnerability to implement server-side request forgery attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6130"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002990"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114333"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6130",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002990",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-790",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-114333",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114333"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-790"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6130"
          }
        ]
      },
      "id": "VAR-201704-1018",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114333"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:31:01.903000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K23001529: SSL Intercept iApp and SSL Orchestrator Server-Side Request Forgery vulnerability CVE-2017-6130",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K23001529"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002990"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-918",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114333"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002990"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6130"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k23001529"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6130"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6130"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114333"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-790"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6130"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-114333"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-790"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6130"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114333"
          },
          {
            "date": "2017-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002990"
          },
          {
            "date": "2017-02-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-790"
          },
          {
            "date": "2017-04-06T14:59:00.287000",
            "db": "NVD",
            "id": "CVE-2017-6130"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114333"
          },
          {
            "date": "2017-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002990"
          },
          {
            "date": "2017-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-790"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-6130"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-790"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "F5 SSL Intercept iApp and  SSL Orchestrator Vulnerable to server-side request forgery",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002990"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-790"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202008-0947

    Vulnerability from variot - Updated: 2024-11-23 23:01

    In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory. plural BIG-IP The product contains a vulnerability related to information leakage.Information may be obtained. F5 BIG-IP is a load balancing device.

    F5 BIG-IP has a directory traversal vulnerability. There are security vulnerabilities in BIG-IP versions between 15.1.0 and 15.1.0.4 and versions between 15.0.0 and 15.0.1.3

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202008-0947",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip link controller",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip local traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "ssl orchestrator",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "f5",
            "version": "15.1.0,\u003c=15.1.0.4"
          },
          {
            "model": "big-ip",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "f5",
            "version": "15.0.0,\u003c=15.0.1.3"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50287"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010664"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5916"
          }
        ]
      },
      "cve": "CVE-2020-5916",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2020-5916",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2020-50287",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-184041",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2020-5916",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2020-5916",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5916",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-5916",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-50287",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202008-1235",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-184041",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50287"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184041"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010664"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1235"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5916"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory. plural BIG-IP The product contains a vulnerability related to information leakage.Information may be obtained. F5 BIG-IP is a load balancing device. \n\r\n\r\nF5 BIG-IP has a directory traversal vulnerability. There are security vulnerabilities in BIG-IP versions between 15.1.0 and 15.1.0.4 and versions between 15.0.0 and 15.0.1.3",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5916"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010664"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-50287"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184041"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5916",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010664",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-50287",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1235",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2921",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-184041",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50287"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184041"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010664"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1235"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5916"
          }
        ]
      },
      "id": "VAR-202008-0947",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50287"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184041"
          }
        ],
        "trust": 1.1615448
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50287"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:01:19.213000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K29923912",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K29923912"
          },
          {
            "title": "Patch for F5 BIG-IP directory traversal vulnerability (CNVD-2020-50287)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/232987"
          },
          {
            "title": "BIG-IP Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127496"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50287"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010664"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1235"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-269",
            "trust": 1.1
          },
          {
            "problemtype": "information leak (CWE-200) [NVD Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-200",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184041"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010664"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5916"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5916"
          },
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k29923912"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2921/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-directory-traversal-via-certificate-administrator-user-role-33155"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50287"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184041"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010664"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1235"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5916"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50287"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184041"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010664"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1235"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5916"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-50287"
          },
          {
            "date": "2020-08-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-184041"
          },
          {
            "date": "2021-02-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-010664"
          },
          {
            "date": "2020-08-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202008-1235"
          },
          {
            "date": "2020-08-26T15:15:13.210000",
            "db": "NVD",
            "id": "CVE-2020-5916"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-50287"
          },
          {
            "date": "2021-07-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-184041"
          },
          {
            "date": "2021-02-01T00:24:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-010664"
          },
          {
            "date": "2020-10-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202008-1235"
          },
          {
            "date": "2024-11-21T05:34:49.353000",
            "db": "NVD",
            "id": "CVE-2020-5916"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1235"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0BIG-IP\u00a0 Information leakage vulnerabilities in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010664"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1235"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202008-0945

    Vulnerability from variot - Updated: 2024-11-23 22:58

    In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files. plural BIG-IP The product contains an input verification vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. BIG-IP version 15.1.0 to 15.1.0.4, version 15.0.0 to 15.0.1.3, version 14.1.0 to 14.1.2.3, version 13.1.0 to 13.1.3.3, 12.1.0 There is a security vulnerability in versions between 12.1.5.1 and 11.6.1 to 11.6.5.1

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202008-0945",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008721"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5912"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_access_policy_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_advanced_firewall_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_advanced_web_application_firewall",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_analytics",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_application_acceleration_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_application_security_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_ddos_hybrid_defender",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_domain_name_system",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_fraud_protection_service",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_global_traffic_manager",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008721"
          }
        ]
      },
      "cve": "CVE-2020-5912",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5912",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 3.6,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008721",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "VHN-184037",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-5912",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.1,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008721",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5912",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-008721",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202008-1228",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-184037",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184037"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008721"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1228"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5912"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process\u0027s dump command does not follow current best coding practices and may overwrite arbitrary files. plural BIG-IP The product contains an input verification vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. BIG-IP version 15.1.0 to 15.1.0.4, version 15.0.0 to 15.0.1.3, version 14.1.0 to 14.1.2.3, version 13.1.0 to 13.1.3.3, 12.1.0 There is a security vulnerability in versions between 12.1.5.1 and 11.6.1 to 11.6.5.1",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5912"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008721"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184037"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5912",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008721",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1228",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2935",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2935.2",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-184037",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184037"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008721"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1228"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5912"
          }
        ]
      },
      "id": "VAR-202008-0945",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184037"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:58:10.179000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K12936322",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K12936322"
          },
          {
            "title": "BIG-IP Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127302"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008721"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1228"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184037"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008721"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5912"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k12936322"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5912"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5912"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2935/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-denial-of-service-via-restjavad-process-dump-33151"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2935.2/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184037"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008721"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1228"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5912"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-184037"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008721"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1228"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5912"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-184037"
          },
          {
            "date": "2020-09-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008721"
          },
          {
            "date": "2020-08-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202008-1228"
          },
          {
            "date": "2020-08-26T15:15:12.993000",
            "db": "NVD",
            "id": "CVE-2020-5912"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-184037"
          },
          {
            "date": "2020-09-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008721"
          },
          {
            "date": "2020-10-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202008-1228"
          },
          {
            "date": "2024-11-21T05:34:48.900000",
            "db": "NVD",
            "id": "CVE-2020-5912"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1228"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  BIG-IP Product input verification vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008721"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1228"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202008-0938

    Vulnerability from variot - Updated: 2024-11-23 22:55

    In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser. plural BIG-IP The product contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. F5 BIG-IP is a F5 load balancing device.

    F5 BIG-IP iControl REST has a cross-site request forgery vulnerability. A remote attacker can use this vulnerability to construct a malicious URI, trick the request, and perform malicious operations in the context of the target user. BIG-IP versions between 15.0.0 and 15.1.0.4, versions between 14.1.0 and 14.1.2.6, versions between 13.1.0 and 13.1.3.3, versions between 12.1.0 and 12.1.5.1 and 11.6.1 There is a security vulnerability in versions up to 11.6.5.2, which is caused by BIG-IP not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202008-0938",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.7"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.7"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.7"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.7"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.7"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.7"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.7"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.7"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.7"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.7"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.7"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.7"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0.5"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.7"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.7"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "f5",
            "version": "13.1.0,\u003c=13.1.3.3"
          },
          {
            "model": "big-ip",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "f5",
            "version": "12.1.0,\u003c=12.1.5.1"
          },
          {
            "model": "big-ip",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "f5",
            "version": "11.6.1,\u003c=11.6.5.2"
          },
          {
            "model": "big-ip",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "f5",
            "version": "15.0.0,\u003c=15.1.0.4"
          },
          {
            "model": "big-ip",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "f5",
            "version": "14.1.0,\u003c=14.1.2.6"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010318"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5922"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_access_policy_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_advanced_firewall_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_advanced_web_application_firewall",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_analytics",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_application_acceleration_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_application_security_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_ddos_hybrid_defender",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_domain_name_system",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_fraud_protection_service",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_global_traffic_manager",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010318"
          }
        ]
      },
      "cve": "CVE-2020-5922",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-5922",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-010318",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2020-50286",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-184047",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-5922",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-010318",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5922",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-010318",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-50286",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202008-1226",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-184047",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50286"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1226"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5922"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser. plural BIG-IP The product contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. F5 BIG-IP is a F5 load balancing device. \n\r\n\r\nF5 BIG-IP iControl REST has a cross-site request forgery vulnerability. A remote attacker can use this vulnerability to construct a malicious URI, trick the request, and perform malicious operations in the context of the target user. BIG-IP versions between 15.0.0 and 15.1.0.4, versions between 14.1.0 and 14.1.2.6, versions between 13.1.0 and 13.1.3.3, versions between 12.1.0 and 12.1.5.1 and 11.6.1 There is a security vulnerability in versions up to 11.6.5.2, which is caused by BIG-IP not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5922"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010318"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-50286"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184047"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5922",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010318",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-50286",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1226",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2934",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-184047",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50286"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1226"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5922"
          }
        ]
      },
      "id": "VAR-202008-0938",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50286"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184047"
          }
        ],
        "trust": 1.1615448
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50286"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:55:05.356000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K20606443",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K20606443"
          },
          {
            "title": "Patch for F5 BIG-IP iControl REST cross-site request forgery vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/232969"
          },
          {
            "title": "BIG-IP Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127050"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1226"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010318"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5922"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5922"
          },
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k20606443"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5922"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2934/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-cross-site-request-forgery-via-icontrol-rest-33152"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50286"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1226"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5922"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50286"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1226"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5922"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-50286"
          },
          {
            "date": "2020-08-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-184047"
          },
          {
            "date": "2021-01-06T07:12:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-010318"
          },
          {
            "date": "2020-08-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202008-1226"
          },
          {
            "date": "2020-08-26T15:15:13.477000",
            "db": "NVD",
            "id": "CVE-2020-5922"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-50286"
          },
          {
            "date": "2020-09-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-184047"
          },
          {
            "date": "2021-01-06T07:12:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-010318"
          },
          {
            "date": "2020-10-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202008-1226"
          },
          {
            "date": "2024-11-21T05:34:50.010000",
            "db": "NVD",
            "id": "CVE-2020-5922"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1226"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  BIG-IP Cross-site request forgery vulnerability in product",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010318"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1226"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202012-0726

    Vulnerability from variot - Updated: 2024-11-23 22:40

    On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. BIG-IP Access Policy Manager (APM) , BIG-IP Advanced Firewall Manager (AFM) , BIG-IP Advanced Web Application Firewall (WAF) etc. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202012-0726",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.3.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.3.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.3.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.3.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.3.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.3.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.3.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.3.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.3.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.3.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.3.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.3.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.3.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.3.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip local traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "ssl orchestrator",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip link controller",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-018309"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27719"
          }
        ]
      },
      "cve": "CVE-2020-27719",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-27719",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-371830",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-27719",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2020-27719",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-27719",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-27719",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202012-1280",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-371830",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-371830"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-018309"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1280"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27719"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. BIG-IP Access Policy Manager (APM) , BIG-IP Advanced Firewall Manager (AFM) , BIG-IP Advanced Web Application Firewall (WAF) etc. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-27719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-018309"
          },
          {
            "db": "VULHUB",
            "id": "VHN-371830"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-27719",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-018309",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1280",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4482.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4482",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-371830",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-371830"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-018309"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1280"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27719"
          }
        ]
      },
      "id": "VAR-202012-0726",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-371830"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:40:50.240000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K19166530",
            "trust": 0.8,
            "url": "https://my.f5.com/manage/s/article/K19166530"
          },
          {
            "title": "F5 BIG-IP Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138057"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-018309"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1280"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-371830"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-018309"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27719"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k19166530"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27719"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4482/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4482.2/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-cross-site-scripting-via-configuration-utility-34145"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-371830"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-018309"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1280"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27719"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-371830"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-018309"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1280"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27719"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-12-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-371830"
          },
          {
            "date": "2024-07-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-018309"
          },
          {
            "date": "2020-12-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202012-1280"
          },
          {
            "date": "2020-12-24T16:15:15.037000",
            "db": "NVD",
            "id": "CVE-2020-27719"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-12-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-371830"
          },
          {
            "date": "2024-07-19T01:54:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-018309"
          },
          {
            "date": "2021-01-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202012-1280"
          },
          {
            "date": "2024-11-21T05:21:41.473000",
            "db": "NVD",
            "id": "CVE-2020-27719"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1280"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0F5\u00a0Networks\u00a0 Cross-site scripting vulnerability in the product",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-018309"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1280"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201911-0298

    Vulnerability from variot - Updated: 2024-11-23 22:29

    On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may crash when processing SSLO data in a service-chaining configuration. F5 SSL Orchestrator Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. This product provides policy-based dynamic decryption, encryption, and flow control functions. Attackers can exploit this vulnerability to crash TMM

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0298",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2"
          },
          {
            "model": "ssl orchestrator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "f5",
            "version": "14.0.0 to  14.1.2"
          },
          {
            "model": "ssl orchestrator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "f5",
            "version": "15.0.0 to  15.0.1"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013081"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6674"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:f5:ssl_orchestrator",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013081"
          }
        ]
      },
      "cve": "CVE-2019-6674",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-6674",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-158109",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-6674",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-6674",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-6674",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-6674",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-1454",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158109",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158109"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013081"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1454"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6674"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may crash when processing SSLO data in a service-chaining configuration. F5 SSL Orchestrator Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. This product provides policy-based dynamic decryption, encryption, and flow control functions. Attackers can exploit this vulnerability to crash TMM",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-6674"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013081"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158109"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-6674",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013081",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1454",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4499",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158109",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158109"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013081"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1454"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6674"
          }
        ]
      },
      "id": "VAR-201911-0298",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158109"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:29:50.951000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K21135478",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K21135478"
          },
          {
            "title": "F5 SSL Orchestrator Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105220"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013081"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1454"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013081"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6674"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://support.f5.com/csp/article/k21135478"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6674"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6674"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4499/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158109"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013081"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1454"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6674"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-158109"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013081"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1454"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6674"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158109"
          },
          {
            "date": "2019-12-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-013081"
          },
          {
            "date": "2019-11-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-1454"
          },
          {
            "date": "2019-11-27T21:15:12.963000",
            "db": "NVD",
            "id": "CVE-2019-6674"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158109"
          },
          {
            "date": "2019-12-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-013081"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-1454"
          },
          {
            "date": "2024-11-21T04:46:55.920000",
            "db": "NVD",
            "id": "CVE-2019-6674"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1454"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "F5 SSL Orchestrator Input validation vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013081"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1454"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202009-1232

    Vulnerability from variot - Updated: 2024-11-23 22:25

    In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability. plural BIG-IP The product contains unspecified vulnerabilities.Information may be obtained. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. Configuration utility is one of the configuration utilities. A security vulnerability exists in the F5 BIG-IP. The vulnerability originates from SSL/TLS ADH/DHE. An attacker could exploit this vulnerability to bypass access restrictions on data

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202009-1232",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip local traffic manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.0.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip application security manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.0.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip application security manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "ssl orchestrator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.0.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.0.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.0.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.0.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "ssl orchestrator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.0.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip application security manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-011966"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5929"
          }
        ]
      },
      "cve": "CVE-2020-5929",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "CVE-2020-5929",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "VHN-184054",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:H/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2020-5929",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2020-5929",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5929",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-5929",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202009-590",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-184054",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184054"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-011966"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-590"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5929"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability. plural BIG-IP The product contains unspecified vulnerabilities.Information may be obtained. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. Configuration utility is one of the configuration utilities. A security vulnerability exists in the F5 BIG-IP. The vulnerability originates from SSL/TLS ADH/DHE. An attacker could exploit this vulnerability to bypass access restrictions on data",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5929"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-011966"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184054"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5929",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-011966",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-590",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3101.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3101",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-184054",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184054"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-011966"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-590"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5929"
          }
        ]
      },
      "id": "VAR-202009-1232",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184054"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:25:21.797000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K91158923",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K91158923"
          },
          {
            "title": "F5 BIG-IP Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128045"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-011966"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-590"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-203",
            "trust": 1.1
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184054"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-011966"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5929"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k91158923"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5929"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3101.2/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-information-disclosure-via-ssl-tls-adh-dhe-33290"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3101/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184054"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-011966"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-590"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5929"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-184054"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-011966"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-590"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5929"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-184054"
          },
          {
            "date": "2021-04-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-011966"
          },
          {
            "date": "2020-09-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202009-590"
          },
          {
            "date": "2020-09-25T14:15:13.970000",
            "db": "NVD",
            "id": "CVE-2020-5929"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-184054"
          },
          {
            "date": "2021-04-20T08:27:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-011966"
          },
          {
            "date": "2020-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202009-590"
          },
          {
            "date": "2024-11-21T05:34:50.820000",
            "db": "NVD",
            "id": "CVE-2020-5929"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-590"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0BIG-IP\u00a0 Product vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-011966"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-590"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202010-1490

    Vulnerability from variot - Updated: 2024-11-23 22:21

    On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow. BIG-IP Contains a cryptographic vulnerability.Information may be obtained. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. There is a security vulnerability in F5 BIG-IP. Attackers can exploit this vulnerability to bypass data access restrictions and obtain sensitive information through the small IPsec key length

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1490",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip link controller",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012926"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5938"
          }
        ]
      },
      "cve": "CVE-2020-5938",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2020-5938",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-184063",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-5938",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2020-5938",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5938",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-5938",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202010-1615",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-184063",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184063"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-1615"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5938"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow. BIG-IP Contains a cryptographic vulnerability.Information may be obtained. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. There is a security vulnerability in F5 BIG-IP. Attackers can exploit this vulnerability to bypass data access restrictions and obtain sensitive information through the small IPsec key length",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012926"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184063"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5938"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5938",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012926",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-1615",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3739",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-184063",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5938",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184063"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-1615"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5938"
          }
        ]
      },
      "id": "VAR-202010-1490",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184063"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:21:00.701000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K76610106",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K76610106"
          },
          {
            "title": "F5 BIG-IP Fixes for encryption problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=133125"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-1615"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-326",
            "trust": 1.1
          },
          {
            "problemtype": "Inadequate encryption strength (CWE-326) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184063"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012926"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5938"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://support.f5.com/csp/article/k76610106"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5938"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3739/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-information-disclosure-via-ipsec-small-key-length-33712"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184063"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-1615"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5938"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-184063"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-1615"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5938"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-184063"
          },
          {
            "date": "2020-10-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5938"
          },
          {
            "date": "2021-06-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-012926"
          },
          {
            "date": "2020-10-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202010-1615"
          },
          {
            "date": "2020-10-29T14:15:12.743000",
            "db": "NVD",
            "id": "CVE-2020-5938"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-11-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-184063"
          },
          {
            "date": "2020-11-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5938"
          },
          {
            "date": "2021-06-15T06:01:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-012926"
          },
          {
            "date": "2020-11-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202010-1615"
          },
          {
            "date": "2024-11-21T05:34:51.907000",
            "db": "NVD",
            "id": "CVE-2020-5938"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-1615"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BIG-IP\u00a0 Vulnerability in cryptography",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012926"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-1615"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0819

    Vulnerability from variot - Updated: 2024-11-23 22:20

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the Traffic Management Microkernel (TMM) process may produce a core file when undisclosed MPTCP traffic passes through a standard virtual server. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could allow an attacker to trigger a fatal error that could trigger a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0819",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005088"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23003"
          }
        ]
      },
      "cve": "CVE-2021-23003",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-23003",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-381489",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-23003",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-23003",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-23003",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-23003",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202103-779",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381489",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381489"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-779"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23003"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the Traffic Management Microkernel (TMM) process may produce a core file when undisclosed MPTCP traffic passes through a standard virtual server. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could allow an attacker to trigger a fatal error that could trigger a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-23003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005088"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381489"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-23003",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005088",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-779",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0866",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-381489",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23003",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381489"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-779"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23003"
          }
        ]
      },
      "id": "VAR-202103-0819",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381489"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:20:50.873000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K43470422",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K43470422"
          },
          {
            "title": "F5 BIG-IP Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146349"
          },
          {
            "title": "F5_Vulnerability",
            "trust": 0.1,
            "url": "https://github.com/DNTYO/F5_Vulnerability "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-23003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-779"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005088"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23003"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k43470422"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23003"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-denial-of-service-via-mptcp-34812"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0866"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/dntyo/f5_vulnerability"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381489"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-779"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23003"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381489"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-779"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23003"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381489"
          },
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-23003"
          },
          {
            "date": "2021-12-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005088"
          },
          {
            "date": "2021-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-779"
          },
          {
            "date": "2021-03-31T18:15:15.443000",
            "db": "NVD",
            "id": "CVE-2021-23003"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381489"
          },
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-23003"
          },
          {
            "date": "2021-12-07T09:04:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005088"
          },
          {
            "date": "2021-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-779"
          },
          {
            "date": "2024-11-21T05:51:07.970000",
            "db": "NVD",
            "id": "CVE-2021-23003"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-779"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BIG-IP\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005088"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-779"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0820

    Vulnerability from variot - Updated: 2024-11-23 22:20

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, Multipath TCP (MPTCP) forwarding flows may be created on standard virtual servers without MPTCP enabled in the applied TCP profile. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could allow an attacker to trigger a fatal error that could trigger a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0820",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005089"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23004"
          }
        ]
      },
      "cve": "CVE-2021-23004",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-23004",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-381490",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-23004",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-23004",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-23004",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-23004",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202103-774",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381490",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-774"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23004"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, Multipath TCP (MPTCP) forwarding flows may be created on standard virtual servers without MPTCP enabled in the applied TCP profile. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could allow an attacker to trigger a fatal error that could trigger a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-23004"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005089"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381490"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-23004",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005089",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-774",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0866",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-381490",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23004",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381490"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23004"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-774"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23004"
          }
        ]
      },
      "id": "VAR-202103-0820",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381490"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:20:50.845000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K31025212",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K31025212"
          },
          {
            "title": "F5 BIG-IP Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146347"
          },
          {
            "title": "F5_Vulnerability",
            "trust": 0.1,
            "url": "https://github.com/DNTYO/F5_Vulnerability "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-23004"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-774"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005089"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23004"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k31025212"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23004"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-denial-of-service-via-mptcp-34809"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0866"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/dntyo/f5_vulnerability"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381490"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23004"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-774"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23004"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381490"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23004"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-774"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23004"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381490"
          },
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-23004"
          },
          {
            "date": "2021-12-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005089"
          },
          {
            "date": "2021-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-774"
          },
          {
            "date": "2021-03-31T18:15:15.503000",
            "db": "NVD",
            "id": "CVE-2021-23004"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381490"
          },
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-23004"
          },
          {
            "date": "2021-12-07T09:04:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005089"
          },
          {
            "date": "2021-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-774"
          },
          {
            "date": "2024-11-21T05:51:08.090000",
            "db": "NVD",
            "id": "CVE-2021-23004"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-774"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BIG-IP\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005089"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-774"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0135

    Vulnerability from variot - Updated: 2024-11-23 21:59

    On F5 SSL Orchestrator 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, undisclosed traffic flow may cause TMM to restart under certain circumstances. F5 SSL Orchestrator Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 SSL Orchestrator is prone to a denial-of-service vulnerability. An attacker can exploit this issue to restart the affected application resulting in denial-of-service conditions. This product provides policy-based dynamic decryption, encryption, and flow control functions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0135",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0.6"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.0.0.5"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "f5",
            "version": "14.0.0 to  14.0.0.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "f5",
            "version": "14.1.0 to  14.1.0.5"
          },
          {
            "model": "ssl orchestrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "14.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "14.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "14.1.0.6"
          },
          {
            "model": "ssl orchestrator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "14.0.0.5"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "109097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006171"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6630"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:f5:ssl_orchestrator",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006171"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "109097"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2019-6630",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-6630",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-158065",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-6630",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-6630",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-6630",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-055",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158065",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158065"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006171"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-055"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6630"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On F5 SSL Orchestrator 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, undisclosed traffic flow may cause TMM to restart under certain circumstances. F5 SSL Orchestrator Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 SSL Orchestrator is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to restart the affected application resulting in denial-of-service conditions. This product provides policy-based dynamic decryption, encryption, and flow control functions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-6630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006171"
          },
          {
            "db": "BID",
            "id": "109097"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158065"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-6630",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "109097",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006171",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-055",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2409",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158065",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158065"
          },
          {
            "db": "BID",
            "id": "109097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006171"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-055"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6630"
          }
        ]
      },
      "id": "VAR-201907-0135",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158065"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:59:50.437000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K33444350",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K33444350"
          },
          {
            "title": "F5 BIG-IP Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94291"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006171"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-055"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158065"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006171"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6630"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://support.f5.com/csp/article/k33444350"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/109097"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6630"
          },
          {
            "trust": 0.9,
            "url": "http://www.f5.com/products/big-ip/"
          },
          {
            "trust": 0.9,
            "url": "https://www.f5.com/products/security/ssl-orchestrator"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6630"
          },
          {
            "trust": 0.6,
            "url": "https://support.f5.com/csp/article/k36320691"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-multiple-vulnerabilities-29665"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2409/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158065"
          },
          {
            "db": "BID",
            "id": "109097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006171"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-055"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6630"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-158065"
          },
          {
            "db": "BID",
            "id": "109097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006171"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-055"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6630"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158065"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "BID",
            "id": "109097"
          },
          {
            "date": "2019-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006171"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-055"
          },
          {
            "date": "2019-07-03T18:15:10.913000",
            "db": "NVD",
            "id": "CVE-2019-6630"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158065"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "BID",
            "id": "109097"
          },
          {
            "date": "2019-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006171"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-055"
          },
          {
            "date": "2024-11-21T04:46:50.583000",
            "db": "NVD",
            "id": "CVE-2019-6630"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-055"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "F5 SSL Orchestrator Input validation vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006171"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-055"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0132

    Vulnerability from variot - Updated: 2024-11-23 21:59

    On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled. F5 SSL Orchestrator is an all-in-one device solution designed for SSL infrastructure by F5 Corporation of the United States. This product provides policy-based dynamic decryption, encryption, and flow control functions. A security vulnerability exists in F5 SSL Orchestrator version 14.1.0. An attacker can exploit this vulnerability to restart the TMM, causing traffic interruption or failover

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0132",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0.6"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "f5",
            "version": "14.1.0 to  14.1.0.5"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006170"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6627"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:f5:ssl_orchestrator",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006170"
          }
        ]
      },
      "cve": "CVE-2019-6627",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-6627",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-158062",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.2,
                "id": "CVE-2019-6627",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-6627",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-6627",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-058",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158062",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158062"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-058"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6627"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled. F5 SSL Orchestrator is an all-in-one device solution designed for SSL infrastructure by F5 Corporation of the United States. This product provides policy-based dynamic decryption, encryption, and flow control functions. A security vulnerability exists in F5 SSL Orchestrator version 14.1.0. An attacker can exploit this vulnerability to restart the TMM, causing traffic interruption or failover",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-6627"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006170"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158062"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-6627",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006170",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-058",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2409",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158062",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158062"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-058"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6627"
          }
        ]
      },
      "id": "VAR-201907-0132",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158062"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:59:50.413000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K36320691",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K36320691"
          },
          {
            "title": "F5 BIG-IP Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94294"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-058"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-362",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158062"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006170"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6627"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k36320691"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6627"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6627"
          },
          {
            "trust": 0.6,
            "url": "https://support.f5.com/csp/article/k33444350"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-multiple-vulnerabilities-29665"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2409/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158062"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-058"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6627"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-158062"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-058"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6627"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158062"
          },
          {
            "date": "2019-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006170"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-058"
          },
          {
            "date": "2019-07-03T18:15:10.693000",
            "db": "NVD",
            "id": "CVE-2019-6627"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158062"
          },
          {
            "date": "2019-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006170"
          },
          {
            "date": "2019-07-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-058"
          },
          {
            "date": "2024-11-21T04:46:50.230000",
            "db": "NVD",
            "id": "CVE-2019-6627"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-058"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "F5 SSL Orchestrator Race condition vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006170"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "competition condition problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-058"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202008-0948

    Vulnerability from variot - Updated: 2024-11-23 21:59

    In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connections. BIG-IP Exists in a certificate validation vulnerability.Information may be obtained and tampered with. BIG-IP Server versions between 15.0.0 and 15.1.0.1, versions between 14.1.0 and 14.1.2.3, versions between 13.1.0 and 13.1.3.4, versions between 12.1.0 and 12.1.5.1, and 11.6 There are security vulnerabilities in versions between .1 and 11.6.5.2

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202008-0948",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2-0.89.37"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.2"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.2"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2-0.89.37"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2-0.89.37"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2-0.89.37"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2-0.89.37"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2-0.89.37"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2-0.89.37"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.2"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.2"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.2"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2-0.89.37"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2-0.89.37"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2-0.89.37"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2-0.89.37"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2-0.89.37"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.2"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2-0.89.37"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.2"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.2"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.2"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.2"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.5"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2-0.89.37"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.2"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.2"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip link controller",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip local traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "ssl orchestrator",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010457"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5913"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_access_policy_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_advanced_firewall_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_advanced_web_application_firewall",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_analytics",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_application_acceleration_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_application_security_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_ddos_hybrid_defender",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_domain_name_system",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_fraud_protection_service",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_global_traffic_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_link_controller",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_local_traffic_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_policy_enforcement_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:ssl_orchestrator",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010457"
          }
        ]
      },
      "cve": "CVE-2020-5913",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-5913",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-010457",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-184038",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2020-5913",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.4,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-010457",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5913",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-010457",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202008-1247",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-184038",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184038"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010457"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1247"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5913"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connections. BIG-IP Exists in a certificate validation vulnerability.Information may be obtained and tampered with. BIG-IP Server versions between 15.0.0 and 15.1.0.1, versions between 14.1.0 and 14.1.2.3, versions between 13.1.0 and 13.1.3.4, versions between 12.1.0 and 12.1.5.1, and 11.6 There are security vulnerabilities in versions between .1 and 11.6.5.2",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5913"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010457"
          },
          {
            "db": "VULHUB",
            "id": "VHN-184038"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5913",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010457",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1247",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2918.3",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2918.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2918.4",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2918",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-50285",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-184038",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184038"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010457"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1247"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5913"
          }
        ]
      },
      "id": "VAR-202008-0948",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184038"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:59:06.930000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K72752002",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K72752002"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010457"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-295",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184038"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010457"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5913"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k72752002"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5913"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5913"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-man-in-the-middle-via-server-ssl-revoked-certificates-33163"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2918.2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2918/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2918.3/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2918.4/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-184038"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010457"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1247"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5913"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-184038"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010457"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1247"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5913"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-184038"
          },
          {
            "date": "2021-01-19T01:57:21",
            "db": "JVNDB",
            "id": "JVNDB-2020-010457"
          },
          {
            "date": "2020-08-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202008-1247"
          },
          {
            "date": "2020-08-26T15:15:13.053000",
            "db": "NVD",
            "id": "CVE-2020-5913"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-184038"
          },
          {
            "date": "2021-01-19T01:57:21",
            "db": "JVNDB",
            "id": "JVNDB-2020-010457"
          },
          {
            "date": "2020-12-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202008-1247"
          },
          {
            "date": "2024-11-21T05:34:49.020000",
            "db": "NVD",
            "id": "CVE-2020-5913"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1247"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BIG-IP Certificate validation vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010457"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-1247"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0814

    Vulnerability from variot - Updated: 2024-11-23 21:51

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. This vulnerability is due to an incomplete fix for CVE-2020-5948. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. F5 BIG-IP has a cross-site scripting vulnerability, which can be exploited by attackers to trigger cross-site scripting through TMUI to run JavaScript code in the context of the website

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0814",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005133"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22994"
          }
        ]
      },
      "cve": "CVE-2021-22994",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-22994",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-381480",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-22994",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-22994",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22994",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22994",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202103-785",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381480",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005133"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-785"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22994"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. This vulnerability is due to an incomplete fix for CVE-2020-5948. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. F5 BIG-IP has a cross-site scripting vulnerability, which can be exploited by attackers to trigger cross-site scripting through TMUI to run JavaScript code in the context of the website",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22994"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005133"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381480"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22994",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005133",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-785",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0871",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-381480",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22994",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381480"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22994"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005133"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-785"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22994"
          }
        ]
      },
      "id": "VAR-202103-0814",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381480"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:51:06.648000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K66851119",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K66851119"
          },
          {
            "title": "F5 BIG-IP Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146017"
          },
          {
            "title": "F5_Vulnerability",
            "trust": 0.1,
            "url": "https://github.com/DNTYO/F5_Vulnerability "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-22994"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005133"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-785"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005133"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22994"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k66851119"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22994"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-cross-site-scripting-via-tmui-34818"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0871"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/dntyo/f5_vulnerability"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381480"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22994"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005133"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-785"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22994"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381480"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22994"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005133"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-785"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22994"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381480"
          },
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22994"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005133"
          },
          {
            "date": "2021-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-785"
          },
          {
            "date": "2021-03-31T18:15:14.910000",
            "db": "NVD",
            "id": "CVE-2021-22994"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381480"
          },
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22994"
          },
          {
            "date": "2021-12-08T04:37:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005133"
          },
          {
            "date": "2021-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-785"
          },
          {
            "date": "2024-11-21T05:51:05.240000",
            "db": "NVD",
            "id": "CVE-2021-22994"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-785"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BIG-IP\u00a0 Cross-site Scripting Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005133"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-785"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0818

    Vulnerability from variot - Updated: 2024-11-23 21:34

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, SYN flood protection thresholds are not enforced in secure network address translation (SNAT) listeners. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could allow an attacker to trigger a fatal error that could trigger a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0818",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005130"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22998"
          }
        ]
      },
      "cve": "CVE-2021-22998",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-22998",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-381484",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-22998",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-22998",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22998",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22998",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202103-775",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381484",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381484"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005130"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-775"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22998"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, SYN flood protection thresholds are not enforced in secure network address translation (SNAT) listeners. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could allow an attacker to trigger a fatal error that could trigger a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22998"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005130"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381484"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22998",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005130",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-775",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0873",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-381484",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22998",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381484"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22998"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005130"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-775"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22998"
          }
        ]
      },
      "id": "VAR-202103-0818",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381484"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:34:48.918000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K31934524",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K31934524"
          },
          {
            "title": "F5 BIG-IP Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146013"
          },
          {
            "title": "F5_Vulnerability",
            "trust": 0.1,
            "url": "https://github.com/DNTYO/F5_Vulnerability "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-22998"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005130"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-775"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005130"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22998"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k31934524"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22998"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-denial-of-service-via-snat-syn-flood-34810"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0873"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/dntyo/f5_vulnerability"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381484"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22998"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005130"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-775"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22998"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381484"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22998"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005130"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-775"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22998"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381484"
          },
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22998"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005130"
          },
          {
            "date": "2021-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-775"
          },
          {
            "date": "2021-03-31T18:15:15.097000",
            "db": "NVD",
            "id": "CVE-2021-22998"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381484"
          },
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22998"
          },
          {
            "date": "2021-12-08T04:37:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005130"
          },
          {
            "date": "2021-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-775"
          },
          {
            "date": "2024-11-21T05:51:05.700000",
            "db": "NVD",
            "id": "CVE-2021-22998"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-775"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BIG-IP\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005130"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-775"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0963

    Vulnerability from variot - Updated: 2024-11-23 21:34

    On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP There are unspecified vulnerabilities in the system.Denial of service (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. F5 BIG-IP has a security vulnerability that could be exploited by an attacker to trigger a fatal error over an HTTP 2 connection, triggering a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0963",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005134"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22999"
          }
        ]
      },
      "cve": "CVE-2021-22999",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-22999",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-381485",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-22999",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-22999",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22999",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22999",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202103-768",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381485",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22999"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP There are unspecified vulnerabilities in the system.Denial of service (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. F5 BIG-IP has a security vulnerability that could be exploited by an attacker to trigger a fatal error over an HTTP 2 connection, triggering a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22999"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005134"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381485"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22999",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005134",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-768",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0873",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-381485",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22999",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381485"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22999"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22999"
          }
        ]
      },
      "id": "VAR-202103-0963",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381485"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:34:48.890000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K02333782",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K02333782"
          },
          {
            "title": "F5 BIG-IP Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146345"
          },
          {
            "title": "F5_Vulnerability",
            "trust": 0.1,
            "url": "https://github.com/DNTYO/F5_Vulnerability "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-22999"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-768"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005134"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22999"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k02333782"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22999"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-denial-of-service-via-http-2-connect-34805"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0873"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/dntyo/f5_vulnerability"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381485"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22999"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22999"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381485"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22999"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22999"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381485"
          },
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22999"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005134"
          },
          {
            "date": "2021-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-768"
          },
          {
            "date": "2021-03-31T18:15:15.160000",
            "db": "NVD",
            "id": "CVE-2021-22999"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381485"
          },
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22999"
          },
          {
            "date": "2021-12-08T04:37:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005134"
          },
          {
            "date": "2021-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-768"
          },
          {
            "date": "2024-11-21T05:51:07.523000",
            "db": "NVD",
            "id": "CVE-2021-22999"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-768"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BIG-IP\u00a0 Vulnerabilities in the system",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005134"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-768"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0964

    Vulnerability from variot - Updated: 2024-11-23 21:34

    On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may cause TMM to restart. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. F5 BIG-IP has a security vulnerability that could be exploited by an attacker to trigger a fatal error via tmm.http.rfc

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0964",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005085"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23000"
          }
        ]
      },
      "cve": "CVE-2021-23000",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-23000",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-381486",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-23000",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-23000",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-23000",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-23000",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202103-777",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381486",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005085"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-777"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23000"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may cause TMM to restart. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. F5 BIG-IP has a security vulnerability that could be exploited by an attacker to trigger a fatal error via tmm.http.rfc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-23000"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005085"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381486"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-23000",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005085",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-777",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0873",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-381486",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23000",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381486"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23000"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005085"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-777"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23000"
          }
        ]
      },
      "id": "VAR-202103-0964",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381486"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:34:48.863000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K34441555",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K34441555"
          },
          {
            "title": "F5 BIG-IP Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146348"
          },
          {
            "title": "F5_Vulnerability",
            "trust": 0.1,
            "url": "https://github.com/DNTYO/F5_Vulnerability "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-23000"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005085"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-777"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005085"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23000"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k34441555"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23000"
          },
          {
            "trust": 0.6,
            "url": "http-rfc-enforcement-34811"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-denial-of-service-via-tmm-"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0873"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/dntyo/f5_vulnerability"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381486"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23000"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005085"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-777"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23000"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381486"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23000"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005085"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-777"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23000"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381486"
          },
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-23000"
          },
          {
            "date": "2021-12-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005085"
          },
          {
            "date": "2021-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-777"
          },
          {
            "date": "2021-03-31T18:15:15.223000",
            "db": "NVD",
            "id": "CVE-2021-23000"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381486"
          },
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-23000"
          },
          {
            "date": "2021-12-07T09:04:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005085"
          },
          {
            "date": "2021-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-777"
          },
          {
            "date": "2024-11-21T05:51:07.640000",
            "db": "NVD",
            "id": "CVE-2021-23000"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-777"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BIG-IP\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005085"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-777"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0961

    Vulnerability from variot - Updated: 2024-11-23 21:34

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution (RCE), leading to complete system compromise. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could be exploited by an attacker to run code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0961",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005035"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22992"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Google Security Research",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-781"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-22992",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-22992",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-381472",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-22992",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-22992",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22992",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22992",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202103-781",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381472",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-22992",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22992"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005035"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-781"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22992"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution (RCE), leading to complete system compromise. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could be exploited by an attacker to run code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22992"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005035"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22992"
          }
        ],
        "trust": 1.8
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-381472",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22992",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005035",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "161753",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0872.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0872",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-781",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16852",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16850",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16851",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16849",
            "trust": 0.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-770",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "162059",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "162066",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-99156",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-381472",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22992",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22992"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005035"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-781"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22992"
          }
        ]
      },
      "id": "VAR-202103-0961",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:34:48.381000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K52510511",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K52510511"
          },
          {
            "title": "F5 BIG-IP Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144299"
          },
          {
            "title": "F5\u306e\u8106\u5f31\u6027\u60c5\u5831",
            "trust": 0.1,
            "url": "https://github.com/DNTYO/F5_Vulnerability "
          },
          {
            "title": "\u4e3b\u6d41\u4f9b\u5e94\u5546\u7684\u4e00\u4e9b\u653b\u51fb\u6027\u6f0f\u6d1e\u6c47\u603b",
            "trust": 0.1,
            "url": "https://github.com/r0eXpeR/supplier "
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2021/03/11/f5_critical_flaws/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-22992"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005035"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-781"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.1
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.1
          },
          {
            "problemtype": "CWE-918",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005035"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22992"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://support.f5.com/csp/article/k52510511"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22992"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-asm-advancedwaf-buffer-overflow-via-login-page-34814"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0872"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0872.2"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/161753/f5-big-ip-asm-is_hdr_criteria_matches-buffer-overflow.html"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/120.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2021/03/11/f5_critical_flaws/"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/r0exper/supplier"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22992"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005035"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-781"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22992"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22992"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005035"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-781"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22992"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22992"
          },
          {
            "date": "2021-12-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005035"
          },
          {
            "date": "2021-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-781"
          },
          {
            "date": "2021-03-31T17:15:13.010000",
            "db": "NVD",
            "id": "CVE-2021-22992"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22992"
          },
          {
            "date": "2021-12-06T07:09:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005035"
          },
          {
            "date": "2021-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-781"
          },
          {
            "date": "2024-11-21T05:51:05.017000",
            "db": "NVD",
            "id": "CVE-2021-22992"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-781"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BIG-IP\u00a0 Buffer Overflow Vulnerability in Linux",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005035"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-781"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0653

    Vulnerability from variot - Updated: 2024-11-23 21:34

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could be exploited by an attacker to run code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0653",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005033"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22989"
          }
        ]
      },
      "cve": "CVE-2021-22989",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-22989",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-381472",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2021-22989",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.1,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-22989",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22989",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22989",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202103-783",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381472",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-22989",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005033"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22989"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could be exploited by an attacker to run code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005033"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22989"
          }
        ],
        "trust": 1.8
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-381472",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22989",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005033",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0872.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0872",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-783",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16852",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16850",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16851",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16849",
            "trust": 0.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-770",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "162059",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "162066",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-99156",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-381472",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22989",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005033"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22989"
          }
        ]
      },
      "id": "VAR-202103-0653",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:34:48.348000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K56142644",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K56142644"
          },
          {
            "title": "F5 BIG-IP Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146352"
          },
          {
            "title": "F5_Vulnerability",
            "trust": 0.1,
            "url": "https://github.com/DNTYO/F5_Vulnerability "
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/f5-cisa-critical-rce-bugs/164679/"
          },
          {
            "title": null,
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2021/03/11/f5_critical_flaws/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-22989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005033"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-783"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-120",
            "trust": 0.1
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.1
          },
          {
            "problemtype": "CWE-918",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005033"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22989"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k56142644"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22989"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0872"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0872.2"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-asm-advancedwaf-code-execution-via-appliance-mode-34816"
          },
          {
            "trust": 0.1,
            "url": "https://support.f5.com/csp/article/k52510511"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197976"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/f5-cisa-critical-rce-bugs/164679/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005033"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22989"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005033"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22989"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22989"
          },
          {
            "date": "2021-12-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005033"
          },
          {
            "date": "2021-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-783"
          },
          {
            "date": "2021-03-31T17:15:12.887000",
            "db": "NVD",
            "id": "CVE-2021-22989"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22989"
          },
          {
            "date": "2021-12-06T07:09:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005033"
          },
          {
            "date": "2021-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-783"
          },
          {
            "date": "2024-11-21T05:51:04.680000",
            "db": "NVD",
            "id": "CVE-2021-22989"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-783"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BIG-IP\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005033"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-783"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0652

    Vulnerability from variot - Updated: 2024-11-23 21:34

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could be exploited by an attacker to run code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0652",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005031"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22988"
          }
        ]
      },
      "cve": "CVE-2021-22988",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-22988",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-381472",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-22988",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-22988",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22988",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22988",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202103-786",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381472",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-22988",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22988"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005031"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-786"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22988"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could be exploited by an attacker to run code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22988"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005031"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22988"
          }
        ],
        "trust": 1.8
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-381472",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22988",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005031",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0872.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0872",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-786",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16852",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16850",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16851",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16849",
            "trust": 0.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-770",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "162059",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "162066",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-99156",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-381472",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22988",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22988"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005031"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-786"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22988"
          }
        ]
      },
      "id": "VAR-202103-0652",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:34:48.217000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K70031188",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K70031188"
          },
          {
            "title": "F5 BIG-IP Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144301"
          },
          {
            "title": "F5_Vulnerability",
            "trust": 0.1,
            "url": "https://github.com/DNTYO/F5_Vulnerability "
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/f5-cisa-critical-rce-bugs/164679/"
          },
          {
            "title": null,
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2021/03/11/f5_critical_flaws/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-22988"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005031"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-786"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-120",
            "trust": 0.1
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.1
          },
          {
            "problemtype": "CWE-918",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005031"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22988"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k70031188"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22988"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-code-execution-via-tmui-34819"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0872"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0872.2"
          },
          {
            "trust": 0.1,
            "url": "https://support.f5.com/csp/article/k52510511"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/f5-cisa-critical-rce-bugs/164679/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22988"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005031"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-786"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22988"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22988"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005031"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-786"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22988"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22988"
          },
          {
            "date": "2021-12-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005031"
          },
          {
            "date": "2021-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-786"
          },
          {
            "date": "2021-03-31T15:15:15.433000",
            "db": "NVD",
            "id": "CVE-2021-22988"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22988"
          },
          {
            "date": "2021-12-06T07:09:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005031"
          },
          {
            "date": "2021-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-786"
          },
          {
            "date": "2024-11-21T05:51:04.557000",
            "db": "NVD",
            "id": "CVE-2021-22988"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-786"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BIG-IP\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005031"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-786"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0655

    Vulnerability from variot - Updated: 2024-11-23 21:34

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could be exploited by an attacker to run code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0655",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005032"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22987"
          }
        ]
      },
      "cve": "CVE-2021-22987",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-22987",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-381472",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-22987",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.9,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-22987",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22987",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22987",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202103-772",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381472",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-22987",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22987"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005032"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-772"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22987"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could be exploited by an attacker to run code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22987"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005032"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22987"
          }
        ],
        "trust": 1.8
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-381472",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22987",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005032",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0872.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0872",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-772",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16852",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16850",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16851",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-16849",
            "trust": 0.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-770",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "162059",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "162066",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-99156",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-381472",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22987",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22987"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005032"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-772"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22987"
          }
        ]
      },
      "id": "VAR-202103-0655",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:34:48.160000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K18132488",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K18132488"
          },
          {
            "title": "F5 BIG-IP Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144297"
          },
          {
            "title": "F5_Vulnerability",
            "trust": 0.1,
            "url": "https://github.com/DNTYO/F5_Vulnerability "
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/critical-f5-big-ip-flaw-now-under-active-attack/164940/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/f5-cisa-critical-rce-bugs/164679/"
          },
          {
            "title": null,
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2021/03/11/f5_critical_flaws/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-22987"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005032"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-772"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-120",
            "trust": 0.1
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.1
          },
          {
            "problemtype": "CWE-918",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005032"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22987"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k18132488"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22987"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0872"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0872.2"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-code-execution-via-appliance-mode-tmui-34808"
          },
          {
            "trust": 0.1,
            "url": "https://support.f5.com/csp/article/k52510511"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197974"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/critical-f5-big-ip-flaw-now-under-active-attack/164940/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22987"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005032"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-772"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22987"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22987"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005032"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-772"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22987"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22987"
          },
          {
            "date": "2021-12-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005032"
          },
          {
            "date": "2021-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-772"
          },
          {
            "date": "2021-03-31T17:15:12.823000",
            "db": "NVD",
            "id": "CVE-2021-22987"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381472"
          },
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-22987"
          },
          {
            "date": "2021-12-06T07:09:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005032"
          },
          {
            "date": "2021-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-772"
          },
          {
            "date": "2024-11-21T05:51:04.440000",
            "db": "NVD",
            "id": "CVE-2021-22987"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-772"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BIG-IP\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005032"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-772"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0959

    Vulnerability from variot - Updated: 2024-11-23 21:34

    On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in F5 BIG-IP that could allow an attacker to exploit file uploads to bypass access restrictions in order to prepare an attack or trigger a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0959",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip link controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.3"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "ssl orchestrator",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.1.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.6"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.2.1"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.4"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005086"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23001"
          }
        ]
      },
      "cve": "CVE-2021-23001",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-23001",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "VHN-381487",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-23001",
                "impactScore": 1.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-23001",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-23001",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-23001",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202103-771",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381487",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381487"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005086"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-771"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23001"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in F5 BIG-IP that could allow an attacker to exploit file uploads to bypass access restrictions in order to prepare an attack or trigger a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-23001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005086"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381487"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-23001",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005086",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-771",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0872.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0872",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-381487",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23001",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381487"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005086"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-771"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23001"
          }
        ]
      },
      "id": "VAR-202103-0959",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381487"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:34:48.129000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K06440657",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K06440657"
          },
          {
            "title": "F5 BIG-IP Fixes for code issue vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146346"
          },
          {
            "title": "F5_Vulnerability",
            "trust": 0.1,
            "url": "https://github.com/DNTYO/F5_Vulnerability "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-23001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005086"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-771"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-434",
            "trust": 1.1
          },
          {
            "problemtype": "Unlimited upload of dangerous types of files (CWE-434) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381487"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005086"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23001"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k06440657"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23001"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/f5-big-ip-asm-write-access-via-icontrol-rest-file-upload-34807"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0872"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0872.2"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/dntyo/f5_vulnerability"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381487"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005086"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-771"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23001"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381487"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-23001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005086"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-771"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-23001"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381487"
          },
          {
            "date": "2021-03-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-23001"
          },
          {
            "date": "2021-12-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005086"
          },
          {
            "date": "2021-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-771"
          },
          {
            "date": "2021-03-31T18:15:15.300000",
            "db": "NVD",
            "id": "CVE-2021-23001"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381487"
          },
          {
            "date": "2021-04-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-23001"
          },
          {
            "date": "2021-12-07T09:04:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005086"
          },
          {
            "date": "2021-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-771"
          },
          {
            "date": "2024-11-21T05:51:07.747000",
            "db": "NVD",
            "id": "CVE-2021-23001"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-771"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BIG-IP\u00a0Advanced\u00a0WAF\u00a0 and \u00a0ASM\u00a0 Unlimited Upload Vulnerability in File Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005086"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-771"
          }
        ],
        "trust": 0.6
      }
    }