CVE-2021-23053

{"id": "CVE-2021-23053", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2021-09-14T13:15:11.403", "references": [{"url": "https://support.f5.com/csp/article/K36942191", "tags": ["Vendor Advisory"], "source": "f5sirt@f5.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}, {"type": "Secondary", "source": "f5sirt@f5.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}, {"lang": "es", "value": "En versiones 15.1.x anteriores a 15.1.3, 14.1.x anteriores a 14.1.3.1 y 13.1.x anteriores a 13.1.3.6, cuando la funcionalidad brute force protection de BIG-IP Advanced WAF o BIG-IP ASM est\u00e1 activada en un servidor virtual y \u00e9ste sufre un ataque por fuerza bruta, la base de datos MySQL puede quedarse sin espacio en disco debido a una falta de l\u00edmite de filas en las tablas no divulgadas de la base de datos MYSQL. Nota: no son evaluadas las versiones de software que han alcanzado End of Technical Support (EoTS)"}], "lastModified": "2022-08-30T16:13:20.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39DDA652-065C-4AF9-A014-E0DAFF60B61B", "versionEndExcluding": "13.1.3.6", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF641654-BDC0-4483-B6BA-D5566427E5C5", "versionEndExcluding": "14.1.3.1", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55E9A0EB-8118-400B-B901-80A8AAFC212F", "versionEndExcluding": "15.1.3", "versionStartIncluding": "15.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BF4F8C6-1C43-4A54-9FD6-011253744FC8", "versionEndExcluding": "13.1.3.6", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0B1C52A-361A-46BD-9531-96C69F011EBC", "versionEndExcluding": "14.1.3.1", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23CFD951-1C6F-4EE5-B8AA-06F29744F082", "versionEndExcluding": "15.1.3", "versionStartIncluding": "15.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "f5sirt@f5.com"}