Details of VAR-202103-0652

ID

VAR-202103-0652

CVE

CVE-2021-22988

TITLE

BIG-IP Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-005031

DESCRIPTION

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IP Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP that could be exploited by an attacker to run code

Trust: 1.8

sources: NVD: CVE-2021-22988 // JVNDB: JVNDB-2021-005031 // VULHUB: VHN-381472 // VULMON: CVE-2021-22988

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	15.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	15.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	12.1.5.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	16.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	15.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	12.1.5.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	12.1.5.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	12.1.5.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	15.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	15.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	16.0.0	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	12.1.5.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	13.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	11.6.5.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	16.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	lt	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	12.1.5.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	13.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	11.6.5.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	13.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	11.6.5.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	13.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	15.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	11.6.5.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	13.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	16.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	12.1.5.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	16.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	16.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	16.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	13.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	11.6.5.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	13.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	11.6.5.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	15.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	lt	version:	15.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	15.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	15.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	16.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	12.1.5.3	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	lt	version:	12.1.5.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	12.1.5.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	16.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	12.1.5.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	16.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	12.1.5.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	16.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	16.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	16.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	11.6.5.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	16.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	13.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	15.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	11.6.5.3	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	15.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	13.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	11.6.5.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	16.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	16.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	12.1.5.3	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	gte	version:	16.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	16.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	16.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	13.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	11.6.5.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	16.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	15.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	16.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	16.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	12.1.5.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	13.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	11.6.5.3	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	lt	version:	16.0.1.1	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	lt	version:	13.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	16.0.0	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	lt	version:	11.6.5.3	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	16.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	13.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	11.6.5.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	16.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	16.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	13.1.3.6	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	11.6.5.3	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	15.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	16.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced web application firewall	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip fraud protection service	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-005031 // NVD: CVE-2021-22988

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22988
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-22988
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202103-786
value:	HIGH
Trust: 0.6
VULHUB:	VHN-381472
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-22988
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-22988
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-381472
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-22988
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22988
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-381472 // VULMON: CVE-2021-22988 // JVNDB: JVNDB-2021-005031 // CNNVD: CNNVD-202103-786 // NVD: CVE-2021-22988

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-120	Trust: 0.1
problemtype:	CWE-20	Trust: 0.1
problemtype:	CWE-918	Trust: 0.1

sources: VULHUB: VHN-381472 // JVNDB: JVNDB-2021-005031 // NVD: CVE-2021-22988

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-786

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202103-786

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-381472

PATCH

title:	K70031188	url:	https://support.f5.com/csp/article/K70031188	Trust: 0.8
title:	F5 BIG-IP Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144301	Trust: 0.6
title:	F5_Vulnerability	url:	https://github.com/DNTYO/F5_Vulnerability	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/f5-cisa-critical-rce-bugs/164679/	Trust: 0.1
title:	-	url:	https://www.theregister.co.uk/2021/03/11/f5_critical_flaws/	Trust: 0.1

sources: VULMON: CVE-2021-22988 // JVNDB: JVNDB-2021-005031 // CNNVD: CNNVD-202103-786

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22988	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-005031	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0872.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0872	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-786	Trust: 0.6
db:	CNVD	id:	CNVD-2021-16852	Trust: 0.1
db:	CNVD	id:	CNVD-2021-16850	Trust: 0.1
db:	CNVD	id:	CNVD-2021-16851	Trust: 0.1
db:	CNVD	id:	CNVD-2021-16849	Trust: 0.1
db:	CNNVD	id:	CNNVD-202103-770	Trust: 0.1
db:	PACKETSTORM	id:	162059	Trust: 0.1
db:	PACKETSTORM	id:	162066	Trust: 0.1
db:	SEEBUG	id:	SSVID-99156	Trust: 0.1
db:	VULHUB	id:	VHN-381472	Trust: 0.1
db:	VULMON	id:	CVE-2021-22988	Trust: 0.1

sources: VULHUB: VHN-381472 // VULMON: CVE-2021-22988 // JVNDB: JVNDB-2021-005031 // CNNVD: CNNVD-202103-786 // NVD: CVE-2021-22988

REFERENCES

url:	https://support.f5.com/csp/article/k70031188	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22988	Trust: 1.4
url:	https://vigilance.fr/vulnerability/f5-big-ip-code-execution-via-tmui-34819	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0872	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0872.2	Trust: 0.6
url:	https://support.f5.com/csp/article/k52510511	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/f5-cisa-critical-rce-bugs/164679/	Trust: 0.1

sources: VULHUB: VHN-381472 // VULMON: CVE-2021-22988 // JVNDB: JVNDB-2021-005031 // CNNVD: CNNVD-202103-786 // NVD: CVE-2021-22988

SOURCES

db:	VULHUB	id:	VHN-381472
db:	VULMON	id:	CVE-2021-22988
db:	JVNDB	id:	JVNDB-2021-005031
db:	CNNVD	id:	CNNVD-202103-786
db:	NVD	id:	CVE-2021-22988

LAST UPDATE DATE

2024-11-23T21:34:48.217000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-381472	date:	2021-04-05T00:00:00
db:	VULMON	id:	CVE-2021-22988	date:	2021-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2021-005031	date:	2021-12-06T07:09:00
db:	CNNVD	id:	CNNVD-202103-786	date:	2021-04-06T00:00:00
db:	NVD	id:	CVE-2021-22988	date:	2024-11-21T05:51:04.557

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-381472	date:	2021-03-31T00:00:00
db:	VULMON	id:	CVE-2021-22988	date:	2021-03-31T00:00:00
db:	JVNDB	id:	JVNDB-2021-005031	date:	2021-12-06T00:00:00
db:	CNNVD	id:	CNNVD-202103-786	date:	2021-03-10T00:00:00
db:	NVD	id:	CVE-2021-22988	date:	2021-03-31T15:15:15.433