{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T16:01:22.832","vulnerabilities":[{"cve":{"id":"CVE-2021-23026","sourceIdentifier":"f5sirt@f5.com","published":"2021-09-14T22:15:07.087","lastModified":"2026-06-17T03:38:14.173","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."},{"lang":"es","value":"BIG-IP versiones 16.0.x anteriores a 16.0.1.2, versiones 15.1.x anteriores a 15.1.3, versiones 14.1.x anteriores a 14.1.4.2, versiones 13.1.x anteriores a 13.1.4.1 y todas las versiones de 12.1.x y la 11.6.x y todas las versiones de BIG-IQ 8.x, 7.x y 6.x son vulnerables a ataques de tipo cross-site request forgery (CSRF) mediante iControl SOAP. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas"}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"n/a","product":"BIG-IP & BIG-IQ","versions":[{"version":"BIG-IP 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x","status":"affected"},{"version":"all versions of BIG-IQ 8.x, 7.x, and 6.x","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1.0","versionEndIncluding":"13.1.4","matchCriteriaId":"50288008-B90F-4882-80AD-2C70A1F1E2DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1.0","versionEndIncluding":"14.1.4","matchCriteriaId":"D5286F92-3E35-4B00-AA8F-AC96449BD2F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"15.1.0","versionEndIncluding":"15.1.2","matchCriteriaId":"5EF8BF70-3688-4DEE-BF08-835293783996"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndIncluding":"16.0.1.1","matchCriteriaId":"ADA2E5BF-3710-46E7-89CC-2C5D8C39A612"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1.0","versionEndIncluding":"13.1.4","matchCriteriaId":"C37ABF73-E093-498B-99F3-11D5A3908C7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1.0","versionEndIncluding":"14.1.4","matchCriteriaId":"AB20EE99-82A2-4FF9-B1C5-A0E40816AA5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"15.1.0","versionEndIncluding":"15.1.2","matchCriteriaId":"4DA90BE2-04DD-42C1-A2B0-9B2BC8201940"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndIncluding":"16.0.1.1","matchCriteriaId":"D7754026-7F57-4666-BF42-F1042EB1D69B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1.0","versionEndIncluding":"13.1.4","matchCriteriaId":"D4C23715-2E2A-4FC6-8303-007AA2355779"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1.0","versionEndIncluding":"14.1.4","matchCriteriaId":"D2A1BB14-BEB5-43DD-878D-83E51FBFD4E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"15.1.0","versionEndIncluding":"15.1.2","matchCriteriaId":"F7EE1E34-5DAE-4162-93E7-F043E5DF67C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndIncluding":"16.0.1.1","matchCriteriaId":"2D3877DD-4285-4EA1-9E76-A7EF48B0B1B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1.0","versionEndIncluding":"13.1.4","matchCriteriaId":"18F2AC19-1085-48C3-B270-DD3E17A7870D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1.0","versionEndIncluding":"14.1.4","matchCriteriaId":"6CCAB1F6-9AD7-4743-A6B6-D42567427845"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"15.1.0","versionEndIncluding":"15.1.2","matchCriteriaId":"7BCA8AFF-F556-496D-9B37-2F3901001E88"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndIncluding":"16.0.1.1","matchCriteriaId":"71C40185-3EFC-40DD-B7E4-160656AA3AF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1.0","versionEndIncluding":"13.1.4","matchCriteriaId":"EDDC86D0-B9D6-42AE-959E-CC40C6F275EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1.0","versionEndIncluding":"14.1.4","matchCriteriaId":"6B90B84E-0BAA-465E-A4D3-20902772B951"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"15.1.0","versionEndIncluding":"15.1.2","matchCriteriaId":"3B89D933-D3FE-4115-BBBD-26A6AE60C851"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndIncluding":"16.0.1.1","matchCriteriaId":"7521AA83-43FA-40C2-8634-6BCB222039E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1.0","versionEndIncluding":"13.1.4","matchCriteriaId":"D17DCE22-99F8-422C-A414-86CFA78BA425"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1.0","versionEndIncluding":"14.1.4","matchCriteriaId":"15EB0439-9C16-45C2-895D-44D6ED1A028A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"15.1.0","versionEndIncluding":"15.1.2","matchCriteriaId":"E60DDD42-73D2-44BE-B101-03E313E5C35C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndIncluding":"16.0.1.1","matchCriteriaId":"C19CC5B0-63A3-454E-B0F4-9F4A6D176567"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1.0","versionEndIncluding":"13.1.4","matchCriteriaId":"9B2315AF-62CA-4948-AF3A-CC2D08F63BEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1.0","versionEndIncluding":"14.1.4","matchCriteriaId":"EF0981E9-9826-4D59-9FF1-709208A88B0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"15.1.0","versionEndIncluding":"15.1.2","matchCriteriaId":"2F167B61-6851-4273-8043-02B37B0D2A7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndIncluding":"16.0.1","matchCriteriaId":"5137A68D-E317-49B0-902A-E5C5168E9707"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1.0","versionEndIncluding":"13.1.4","matchCriteriaId":"F82E9A35-A3E2-4915-BE23-B321C18BE6C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1.0","versionEndIncluding":"14.1.4","matchCriteriaId":"A27C0FAB-2C2F-4F5E-8EF4-CC4923B848F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"15.1.0","versionEndIncluding":"15.1.2","matchCriteriaId":"60AF000D-91C4-424A-B0BD-D49BD8D55BBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndIncluding":"16.0.1.1","matchCriteriaId":"D6841D98-26B1-4569-9324-5A310B137A03"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1.0","versionEndIncluding":"13.1.4","matchCriteriaId":"6B486BC4-2258-42FC-834E-22958ACFCA13"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1.0","versionEndIncluding":"14.1.4","matchCriteriaId":"DFD7DB4C-6CA7-4C26-81AB-1F9A27F4355A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"15.1.0","versionEndIncluding":"15.1.2","matchCriteriaId":"3504522B-9264-46DE-98BD-227E9753DC1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndIncluding":"16.0.1.1","matchCriteriaId":"0A27DDB2-F747-4CAA-AB86-982E50ED9C6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1.0","versionEndIncluding":"13.1.4","matchCriteriaId":"3FCEA7BA-FBAB-4D94-86D9-51B7F8E4C0A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1.0","versionEndIncluding":"14.1.4","matchCriteriaId":"FC486854-8119-4DDC-BE29-AB3394D2A214"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"15.1.0","versionEndIncluding":"15.1.2","matchCriteriaId":"35149ED3-F9F8-48C8-82E5-A250BA507F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndIncluding":"16.0.1.1","matchCriteriaId":"521B1C9E-8430-468F-9CAE-E58855875E45"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1.0","versionEndIncluding":"13.1.4","matchCriteriaId":"ADE1E0A6-DE70-4D46-B493-671E23EEA32D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1.0","versionEndIncluding":"14.1.4","matchCriteriaId":"C5FF402E-8A6B-498F-BDB3-089EFAE55061"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"15.1.0","versionEndIncluding":"15.1.2","matchCriteriaId":"280A0D1B-BC02-405D-9CDA-5CE8A4D738C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndIncluding":"16.0.1.1","matchCriteriaId":"553DC114-AAE0-4FF4-BF54-CF5D11675E13"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1.0","versionEndIncluding":"13.1.4","matchCriteriaId":"228F7E70-F93D-40BD-9C33-2A51CB6B931F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1.0","versionEndIncluding":"14.1.4","matchCriteriaId":"D38D907A-2071-4675-8616-733E3C96C95B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"15.1.0","versionEndIncluding":"15.1.2","matchCriteriaId":"C9776077-38E1-4D8E-8E2B-ADA28B1F568B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndIncluding":"16.0.1.1","matchCriteriaId":"8400E2BC-7527-4F70-9261-82B06EA6588A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1.0","versionEndIncluding":"13.1.4","matchCriteriaId":"F4574B7D-DFAF-4527-8E19-2E37650A1494"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1.0","versionEndIncluding":"14.1.4","matchCriteriaId":"30382C56-3299-4D9C-943B-46B8CECB31BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"15.1.0","versionEndIncluding":"15.1.2","matchCriteriaId":"C20ED9D0-83EA-442F-B9CA-FC5B69C5E223"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndIncluding":"16.0.1.1","matchCriteriaId":"5C33A02C-DFAB-481A-AB73-D799CD477F9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1.0","versionEndIncluding":"13.1.4","matchCriteriaId":"5D2210B0-898F-49A9-ABEC-55971978C2AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1.0","versionEndIncluding":"14.1.4","matchCriteriaId":"0C4A0BD4-F4CE-43BD-A957-3812DD1DCE92"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"15.1.0","versionEndIncluding":"15.1.2","matchCriteriaId":"85B2BB16-7953-40ED-AB1C-B844B244C0F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndIncluding":"16.0.1.1","matchCriteriaId":"4E2ED4CD-551D-4A67-A8CB-311156D53E11"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.1.0","matchCriteriaId":"F37D18F2-8C6A-4557-85DC-2A751595423C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.1.0","matchCriteriaId":"C88B0206-093A-4A18-8322-A1CD1D4ACF2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndIncluding":"8.1.0","matchCriteriaId":"29AC093D-F3E9-4CA5-80E8-E41354BF4126"}]}]}],"references":[{"url":"https://support.f5.com/csp/article/K53854428","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://support.f5.com/csp/article/K53854428","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}}]}