April 10, 2021


Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

CVE-2021-22994 (big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_advanced_web_application_firewall, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_ddos_hybrid_defender, big-ip_domain_name_system, big-ip_fraud_protection_service, big-ip_global_traffic_manager, big-ip_link_controller, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager, ssl_orchestrator)

On BIG-IP versions 16.0.x before, 15.1.x before, 14.1.x before 14.1.4, 13.1.x before, 12.1.x before, and 11.6.x before, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. This vulnerability is due to an incomplete fix for CVE-2020-5948. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.