How severe is CVE-2021-23001?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2021-23001?

This is classified as CWE-434, which is a common weakness in software security.

CVE-2021-23001 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Related Vulnerabilities

CVE-2016-8973

MEDIUM

CVSS:4.3(Medium)

IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960.

CWE-4342016

CVE-2018-0571

MEDIUM

CVSS:4.3(Medium)

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.

CWE-4342018

CVE-2018-0587

MEDIUM

CVSS:4.3(Medium)

Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.

CWE-4342018

CVE-2019-19084

MEDIUM

CVSS:4.3(Medium)

In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underly...

CWE-4342019

CVE-2019-4056

MEDIUM

CVSS:4.3(Medium)

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.

CWE-4342019

CVE-2020-29447

MEDIUM

CVSS:4.3(Medium)

Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. ...

CWE-4342020