CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.6 High
Confidence: High

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 18.3%

When a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. (CVE-2021-23050)
Impact
Traffic is disrupted until the bd process restarts. This vulnerability allows a remote attacker to cause a denial-of-service (DoS) on the web application firewall. There is no control plane exposure; this is a data plane issue only. For more information about the bd process, refer to the following articles for your web application firewall product:
Important: The AWS Container Marketplace and the F5 Docker registry (docker-registry.nginx.com) provide NGINX container images that may also include vulnerable versions of NGINX App Protect. For example, if you are using the NGINX Ingress Controller with NGINX App Protect image from the AWS Container Marketplace, you may be using a vulnerable version of NGINX App Protect. To determine the version of your NGINX products, refer to K72015934: Display the NGINX software version.