CVE-2021-23053
MEDIUMBIG-IP Advanced WAF/ASM <15.1.3, 14.1.3.1, 13.1.3.6 - Info Disclosure
Title source: llmDescription
On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K36942191
Scores
CVSS v3
5.3
EPSS
0.0063
EPSS Percentile
70.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-770
CWE-400
Status
published
Products (2)
f5/big-ip_advanced_web_application_firewall
13.1.0 - 13.1.3.6
f5/big-ip_application_security_manager
13.1.0 - 13.1.3.6
Published
Sep 14, 2021
Tracked Since
Feb 18, 2026