K97002210 : NGINX Controller vulnerability CVE-2021-23018

2021-05-2500:00:00

my.f5.com

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.9%

JSON

Security Advisory Description

Intra-cluster communication does not use TLS. The services within the NGINX Controller namespace are using cleartext protocols inside the cluster. (CVE-2021-23018)

Impact

Attackers with access to cluster may have the ability to read and modify the data being sent between services managed within the affected controller.

CPENameOperatorVersion
f5 ssl orchestratoreq14.1.0
f5 ssl orchestratoreq15.1.0
f5 ssl orchestratoreq15.1.1
f5 ssl orchestratoreq16.0.0
big-ip afmeq11.6.1
big-ip afmeq11.6.2
big-ip afmeq11.6.3
big-ip afmeq11.6.4
big-ip afmeq11.6.5
big-ip afmeq12.1.0

Name	Operator	Version
f5 ssl orchestrator	eq	14.1.0
f5 ssl orchestrator	eq	15.1.0
f5 ssl orchestrator	eq	15.1.1
f5 ssl orchestrator	eq	16.0.0
big-ip afm	eq	11.6.1
big-ip afm	eq	11.6.2
big-ip afm	eq	11.6.3
big-ip afm	eq	11.6.4
big-ip afm	eq	11.6.5
big-ip afm	eq	12.1.0

Rows per page:

1-10 of 2381