From 2b01b53ee60258a0267f52e897c498e6d7e820f6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 14 Sep 2021 21:00:55 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/23xxx/CVE-2021-23025.json | 50 ++++++++++++++++++++++++++++++++-- 2021/23xxx/CVE-2021-23028.json | 50 ++++++++++++++++++++++++++++++++-- 2021/23xxx/CVE-2021-23030.json | 50 ++++++++++++++++++++++++++++++++-- 3 files changed, 141 insertions(+), 9 deletions(-) diff --git a/2021/23xxx/CVE-2021-23025.json b/2021/23xxx/CVE-2021-23025.json index 7a6763dd8f8..13d8da0d82d 100644 --- a/2021/23xxx/CVE-2021-23025.json +++ b/2021/23xxx/CVE-2021-23025.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23025", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_value": "15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K50974556", + "url": "https://support.f5.com/csp/article/K50974556" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated." } ] } diff --git a/2021/23xxx/CVE-2021-23028.json b/2021/23xxx/CVE-2021-23028.json index 6940fb47612..9ebf1f86d37 100644 --- a/2021/23xxx/CVE-2021-23028.json +++ b/2021/23xxx/CVE-2021-23028.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23028", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP Advanced WAF and BIG-IP ASM", + "version": { + "version_data": [ + { + "version_value": "16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K00602225", + "url": "https://support.f5.com/csp/article/K00602225" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated." } ] } diff --git a/2021/23xxx/CVE-2021-23030.json b/2021/23xxx/CVE-2021-23030.json index 2c36879e3a5..2e3e44a5df5 100644 --- a/2021/23xxx/CVE-2021-23030.json +++ b/2021/23xxx/CVE-2021-23030.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23030", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP Advanced WAF and BIG-IP ASM", + "version": { + "version_data": [ + { + "version_value": "16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K42051445", + "url": "https://support.f5.com/csp/article/K42051445" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated." } ] }