CVE-2021-22993
https://notcve.org/view.php?id=CVE-2021-22993
On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP Advanced WAF y BIG-IP ASM versiones 16.0.x anteriores de 16.0.1.1, versiones 15.1.x anteriores a 15.1.2, versiones 14.1.x anteriores a 14.1.3.1, versiones 13.1.x anteriores a 13.1.3.6 y versiones 12.1.x anteriores a 12.1 .5.3, un XSS basado en DOM en la página de propiedades de DoS Profile. Nota: No se evalúan las versiones de software que han alcanzado End of Software Development (EoSD). • https://support.f5.com/csp/article/K55237223 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-23004
https://notcve.org/view.php?id=CVE-2021-23004
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, Multipath TCP (MPTCP) forwarding flows may be created on standard virtual servers without MPTCP enabled in the applied TCP profile. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2, versiones 14.1.x anteriores a 14.1.3.1, versiones 13.1.x anteriores a 13.1.3.6, versiones 12.1.x anteriores a 12.1.5.3 y versiones 11.6.x anteriores a 11.6.5.3, Los flujos de reenvío de Multipath TCP (MPTCP) se pueden crear en servidores virtuales estándar sin MPTCP habilitado en el perfil de TCP aplicado. Nota: No se evalúan las versiones de software que han alcanzado End of Software Development (EoSD). • https://support.f5.com/csp/article/K31025212 •
CVE-2021-23001
https://notcve.org/view.php?id=CVE-2021-23001
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En las versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2.1, versiones 14.1.x anteriores a 14.1.4, versiones 13.1.x anteriores a 13.1.3.6, versiones 12.1.x anteriores a 12.1.5.3 y versiones 11.6.x anteriores a 11.6.5.3 , la funcionalidad de carga en BIG-IP Advanced WAF y BIG-IP ASM permite a un usuario autenticado cargar archivos al sistema BIG-IP mediante una llamada a un endpoint iControl REST no revelado. Nota: No se evalúan las versiones de software que han alcanzado End of Software Development (EoSD). • https://support.f5.com/csp/article/K06440657 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-22998
https://notcve.org/view.php?id=CVE-2021-22998
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, SYN flood protection thresholds are not enforced in secure network address translation (SNAT) listeners. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2.1, versiones 14.1.x anteriores a 14.1.4, versiones 13.1.x anteriores a 13.1.3.6, versiones 12.1.x anteriores a 12.1.5.3 y versiones 11.6.x anteriores a 11.6.5.3, los umbrales de protección contra inundaciones SYN no se aplican en escuchas de secure network address translation (SNAT). Nota: No se evalúan las versiones de software que han alcanzado End of Software Development (EoSD). • https://support.f5.com/csp/article/K31934524 •
CVE-2021-23003
https://notcve.org/view.php?id=CVE-2021-23003
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the Traffic Management Microkernel (TMM) process may produce a core file when undisclosed MPTCP traffic passes through a standard virtual server. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2, versiones 14.1.x anteriores a 14.1.3.1, versiones 13.1.x anteriores a 13.1.3.6, versiones 12.1.x anteriores a 12.1.5.3 y versiones 11.6.x anteriores a 11.6.5.3, el proceso Traffic Management Microkernel (TMM) puede producir un archivo central cuando el tráfico MPTCP no revelado pasa a través de un servidor virtual estándar. Nota: No se evalúan las versiones de software que han alcanzado End of Software Development (EoSD). • https://support.f5.com/csp/article/K43470422 •