Details of VAR-202103-0822

ID

VAR-202103-0822

CVE

CVE-2021-23006

TITLE

BIG-IQ Cross-site Scripting Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-005103

DESCRIPTION

On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IQ Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. F5 BIG-IQ is a set of software-based cloud management solutions from F5 Corporation of the United States. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments. BIG-IQ has a cross-site scripting vulnerability that could be exploited by an attacker using a specially crafted URL to reflect cross-site scripting in an unpublished page of the BIG-IQ user interface

Trust: 1.71

sources: NVD: CVE-2021-23006 // JVNDB: JVNDB-2021-005103 // VULHUB: VHN-381492

AFFECTED PRODUCTS

vendor:	f5	model:	big-iq centralized management	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	f5	model:	big-iq centralized management	scope:	lt	version:	8.0.0	Trust: 1.0
vendor:	f5	model:	big-iq centralized management	scope:	eq	version:	7.x	Trust: 0.8
vendor:	f5	model:	big-iq centralized management	scope:	eq	version:	6.x	Trust: 0.8
vendor:	f5	model:	big-iq centralized management	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-005103 // NVD: CVE-2021-23006

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-23006
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-23006
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202103-845
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-381492
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-23006
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-381492
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-23006
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2021-23006
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-381492 // JVNDB: JVNDB-2021-005103 // CNNVD: CNNVD-202103-845 // NVD: CVE-2021-23006

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-381492 // JVNDB: JVNDB-2021-005103 // NVD: CVE-2021-23006

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-845

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202103-845

PATCH

title:	K30585021	url:	https://support.f5.com/csp/article/K30585021	Trust: 0.8
title:	F5 BIG-IQ Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146023	Trust: 0.6
title:	F5_Vulnerability	url:	https://github.com/DNTYO/F5_Vulnerability	Trust: 0.1

sources: VULMON: CVE-2021-23006 // JVNDB: JVNDB-2021-005103 // CNNVD: CNNVD-202103-845

EXTERNAL IDS

db:	NVD	id:	CVE-2021-23006	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-005103	Trust: 0.8
db:	CNNVD	id:	CNNVD-202103-845	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.0869	Trust: 0.6
db:	VULHUB	id:	VHN-381492	Trust: 0.1
db:	VULMON	id:	CVE-2021-23006	Trust: 0.1

sources: VULHUB: VHN-381492 // VULMON: CVE-2021-23006 // JVNDB: JVNDB-2021-005103 // CNNVD: CNNVD-202103-845 // NVD: CVE-2021-23006

REFERENCES

url:	https://support.f5.com/csp/article/k30585021	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23006	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.0869	Trust: 0.6
url:	https://github.com/dntyo/f5_vulnerability	Trust: 0.1

sources: VULHUB: VHN-381492 // VULMON: CVE-2021-23006 // JVNDB: JVNDB-2021-005103 // CNNVD: CNNVD-202103-845 // NVD: CVE-2021-23006

SOURCES

db:	VULHUB	id:	VHN-381492
db:	VULMON	id:	CVE-2021-23006
db:	JVNDB	id:	JVNDB-2021-005103
db:	CNNVD	id:	CNNVD-202103-845
db:	NVD	id:	CVE-2021-23006

LAST UPDATE DATE

2024-11-23T22:54:53.411000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-381492	date:	2021-04-06T00:00:00
db:	VULMON	id:	CVE-2021-23006	date:	2021-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-005103	date:	2021-12-07T09:09:00
db:	CNNVD	id:	CNNVD-202103-845	date:	2021-04-07T00:00:00
db:	NVD	id:	CVE-2021-23006	date:	2024-11-21T05:51:08.300

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-381492	date:	2021-03-31T00:00:00
db:	VULMON	id:	CVE-2021-23006	date:	2021-03-31T00:00:00
db:	JVNDB	id:	JVNDB-2021-005103	date:	2021-12-07T00:00:00
db:	CNNVD	id:	CNNVD-202103-845	date:	2021-03-11T00:00:00
db:	NVD	id:	CVE-2021-23006	date:	2021-03-31T18:15:15.660