Rewterz Threat Advisory – CVE-2021-21198 – Google Chrome IPC information disclosure
April 1, 2021Rewterz Threat Advisory – CVE-2021-23348 – Node.js portprocesses module command execution
April 1, 2021Rewterz Threat Advisory – CVE-2021-21198 – Google Chrome IPC information disclosure
April 1, 2021Rewterz Threat Advisory – CVE-2021-23348 – Node.js portprocesses module command execution
April 1, 2021Severity
High
Analysis Summary
CVE-2021-23001
F5 BIG-IP (Advanced WAF, ASM) could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control by the upload function. By sending a specially-crafted request, an attacker could exploit this vulnerability to upload malicious files to use in future attacks or fill up the system’s disk space.
Impact
Bypass Security
Affected Vendors
F5
Affected Products
F5 BIG-IP (ASM) 14.1.0
Remediation
Refer to F5 Security Advisory for the list of affected products patch, upgrade and suggested workaround information.