CVE-2021-22997

HIGH

F5 BIG-IQ Centralized Management 6.0.0-7.x - Unauthenticated ElasticSearch Transport Service Access

Title source: llm

Description

On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://support.f5.com/csp/article/K34074377

Scores

CVSS v3 7.5

EPSS 0.0032

EPSS Percentile 55.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-306

Status published

Products (1)

f5/big-iq_centralized_management 6.0.0 - 8.0.0

Published Mar 31, 2021

Tracked Since Feb 18, 2026