K53225395: Node.js vulnerabilities CVE-2021-3672 and CVE-2021-22931

🗓️ 21 Feb 2023 18:53:23Reported by f5Type

f5🔗 my.f5.com👁 112 Views

Node.js DNS vulnerabilities CVE-2021-3672 and CVE-2021-22931. Missing input validation can lead to Domain Hijacking and Remote Code Execution

Reporter	Title	Published	Views	Family All 380
IBM Security Bulletins	Security Bulletin: IBM Cognos Controller is affected by vulnerabilities	15 Apr 202503:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DataPower Gateway potentially vulnerable to DNS spoofing	23 May 202215:35	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js, IBM WebSphere Application Server Liberty, and OpenSSL affect IBM Spectrum Control	9 Dec 202107:56	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway	21 Oct 202117:09	–	ibm
IBM Security Bulletins	Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises (CVE-2021-22939, CVE-2021-22931, CVE-2020-7598)	17 Jan 202309:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Node.js	29 Oct 202121:37	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities	20 Apr 202214:01	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to domain hijacking due to CVE-2021-22931	20 Oct 202110:08	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities fixed in Cloud Pak for Automation components	19 Jan 202216:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	31 May 202214:57	–	ibm

Vulners

Node

f5 big-ip_aamRange17.5.0–17.5.1

OR

f5 big-ip_afmRange17.5.0–17.5.1

OR

f5 big-ip_analyticsRange17.5.0–17.5.1

OR

f5 big-ip_apmRange17.5.0–17.5.1

OR

f5 big-ip_asmRange17.5.0–17.5.1

OR

f5 big-ip_ddos_hybrid_defenderRange17.5.0–17.5.1

OR

f5 big-ip_dnsRange17.5.0–17.5.1

OR

f5 big-ip_fpsRange17.5.0–17.5.1

OR

f5 big-ip_gtmRange17.5.0–17.5.1

OR

f5 big-ip_link_controllerRange17.5.0–17.5.1

OR

f5 big-ip_ltmRange17.5.0–17.5.1

OR

f5 big-ip_pemRange17.5.0–17.5.1

OR

f5 big-ip_ssl_orchestratorRange17.5.0–17.5.1

OR

f5 big-ip_aamRange17.0.0–17.1.2

OR

f5 big-ip_afmRange17.0.0–17.1.2

OR

f5 big-ip_analyticsRange17.0.0–17.1.2

OR

f5 big-ip_apmRange17.0.0–17.1.2

OR

f5 big-ip_asmRange17.0.0–17.1.2

OR

f5 big-ip_ddos_hybrid_defenderRange17.0.0–17.1.2

OR

f5 big-ip_dnsRange17.0.0–17.1.2

OR

f5 big-ip_fpsRange17.0.0–17.1.2

OR

f5 big-ip_gtmRange17.0.0–17.1.2

OR

f5 big-ip_link_controllerRange17.0.0–17.1.2

OR

f5 big-ip_ltmRange17.0.0–17.1.2

OR

f5 big-ip_pemRange17.0.0–17.1.2

OR

f5 big-ip_ssl_orchestratorRange17.0.0–17.1.2

OR

f5 big-ip_aamRange16.1.0–16.1.6

OR

f5 big-ip_afmRange16.1.0–16.1.6

OR

f5 big-ip_analyticsRange16.1.0–16.1.6

OR

f5 big-ip_apmRange16.1.0–16.1.6

OR

f5 big-ip_asmRange16.1.0–16.1.6

OR

f5 big-ip_ddos_hybrid_defenderRange16.1.0–16.1.6

OR

f5 big-ip_dnsRange16.1.0–16.1.6

OR

f5 big-ip_fpsRange16.1.0–16.1.6

OR

f5 big-ip_gtmRange16.1.0–16.1.6

OR

f5 big-ip_link_controllerRange16.1.0–16.1.6

OR

f5 big-ip_ltmRange16.1.0–16.1.6

OR

f5 big-ip_pemRange16.1.0–16.1.6

OR

f5 big-ip_ssl_orchestratorRange16.1.0–16.1.6

OR

f5 big-ip_aamRange15.1.0–15.1.10

OR

f5 big-ip_afmRange15.1.0–15.1.10

OR

f5 big-ip_analyticsRange15.1.0–15.1.10

OR

f5 big-ip_apmRange15.1.0–15.1.10

OR

f5 big-ip_asmRange15.1.0–15.1.10

OR

f5 big-ip_ddos_hybrid_defenderRange15.1.0–15.1.10

OR

f5 big-ip_dnsRange15.1.0–15.1.10

OR

f5 big-ip_fpsRange15.1.0–15.1.10

OR

f5 big-ip_gtmRange15.1.0–15.1.10

OR

f5 big-ip_link_controllerRange15.1.0–15.1.10

OR

f5 big-ip_ltmRange15.1.0–15.1.10

OR

f5 big-ip_pemRange15.1.0–15.1.10

OR

f5 big-ip_ssl_orchestratorRange15.1.0–15.1.10

OR

f5 big-ip_aamRange14.1.0–14.1.5

OR

f5 big-ip_afmRange14.1.0–14.1.5

OR

f5 big-ip_analyticsRange14.1.0–14.1.5

OR

f5 big-ip_apmRange14.1.0–14.1.5

OR

f5 big-ip_asmRange14.1.0–14.1.5

OR

f5 big-ip_ddos_hybrid_defenderRange14.1.0–14.1.5

OR

f5 big-ip_dnsRange14.1.0–14.1.5

OR

f5 big-ip_fpsRange14.1.0–14.1.5

OR

f5 big-ip_gtmRange14.1.0–14.1.5

OR

f5 big-ip_link_controllerRange14.1.0–14.1.5

OR

f5 big-ip_ltmRange14.1.0–14.1.5

OR

f5 big-ip_pemRange14.1.0–14.1.5

OR

f5 big-ip_ssl_orchestratorRange14.1.0–14.1.5

OR

f5 big-ip_aamRange13.1.0–13.1.5

OR

f5 big-ip_afmRange13.1.0–13.1.5

OR

f5 big-ip_analyticsRange13.1.0–13.1.5

OR

f5 big-ip_apmRange13.1.0–13.1.5

OR

f5 big-ip_asmRange13.1.0–13.1.5

OR

f5 big-ip_ddos_hybrid_defenderRange13.1.0–13.1.5

OR

f5 big-ip_dnsRange13.1.0–13.1.5

OR

f5 big-ip_fpsRange13.1.0–13.1.5

OR

f5 big-ip_gtmRange13.1.0–13.1.5

OR

f5 big-ip_link_controllerRange13.1.0–13.1.5

OR

f5 big-ip_ltmRange13.1.0–13.1.5

OR

f5 big-ip_pemRange13.1.0–13.1.5

OR

f5 big-ip_ssl_orchestratorRange13.1.0–13.1.5

OR

f5 big-ip_aamRange12.1.0–12.1.6

OR

f5 big-ip_afmRange12.1.0–12.1.6

OR

f5 big-ip_analyticsRange12.1.0–12.1.6

OR

f5 big-ip_apmRange12.1.0–12.1.6

OR

f5 big-ip_asmRange12.1.0–12.1.6

OR

f5 big-ip_ddos_hybrid_defenderRange12.1.0–12.1.6

OR

f5 big-ip_dnsRange12.1.0–12.1.6

OR

f5 big-ip_fpsRange12.1.0–12.1.6

OR

f5 big-ip_gtmRange12.1.0–12.1.6

OR

f5 big-ip_link_controllerRange12.1.0–12.1.6

OR

f5 big-ip_ltmRange12.1.0–12.1.6

OR

f5 big-ip_pemRange12.1.0–12.1.6

OR

f5 big-ip_ssl_orchestratorRange12.1.0–12.1.6

OR

f5 big-iq_centralized_managementRange8.0.0–8.4.0

OR

f5 big-iq_centralized_managementRange7.0.0–7.1.0

OR

f5 big-iq_centralized_managementMatch6.1.0

09 Feb 2026 13:59Current

7.3High risk

Vulners AI Score7.3

CVSS 27.5

CVSS 3.19.8

EPSS0.00662

SSVC

node.js dns vulnerabilities cve-2021-3672 cve-2021-22931 domain hijacking remote code execution injection