How severe is CVE-2021-23015?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2021-23015?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2021-23015 - HIGH Severity | CVSS 7.2

Vulnerability Description

On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Related Vulnerabilities

CVE-2017-2673

HIGH

CVSS:7.2(High)

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and uninten...

CWE-8632017

CVE-2018-6980

HIGH

CVSS:7.2(High)

VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue ma...

CWE-8632018

CVE-2018-7079

HIGH

CVSS:7.2(High)

Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrat...

CWE-8632018

CVE-2020-12503

HIGH

CVSS:7.2(High)

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT...

CWE-8632020

CVE-2020-13322

HIGH

CVSS:7.2(High)

A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens.

CWE-8632020

CVE-2020-17049

HIGH

CVSS:7.2(High)

A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit ...

CWE-8632020