CVE-2021-23002 vulnerability in F5 Networks Products

When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system. Addressing this issue requires both the client and server fixes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Products Associated with CVE-2021-23002

stack.watch emails you whenever new vulnerabilities are published in F5 Networks Access Policy Manager Clients or F5 Networks Big Ip Access Policy Manager. Just hit a watch button to start following.

Exploit Probability

EPSS

0.07%

Percentile

21.90%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-23002 vulnerability in F5 Networks ProductsPublished on March 31, 2021

Products Associated with CVE-2021-23002

Exploit Probability

CVE-2021-23002 vulnerability in F5 Networks Products
Published on March 31, 2021