CVE-2021-23054: 
F5 BIG-IP Virtual Edition vulnerability analysis and mitigation

A reflected cross-site scripting (XSS) vulnerability (CVE-2021-23054) was identified in F5 BIG-IP APM systems. The vulnerability affects multiple versions including 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x. The vulnerability exists in the resource information page and is specifically exploitable when a full webtop is configured on the BIG-IP APM system. The issue was disclosed and assigned a CVE ID on January 6, 2021 (MITRE).

The vulnerability is classified as a reflected cross-site scripting (XSS) issue (CWE-79) that affects authenticated users of the BIG-IP APM system. The vulnerability specifically manifests in the resource information page when the system has a full webtop configuration (MITRE).

As a reflected XSS vulnerability, successful exploitation could allow attackers to execute malicious scripts in the context of authenticated users' browsers, potentially leading to theft of sensitive information, session hijacking, or other client-side attacks (NVD).

F5 Networks has released patched versions to address this vulnerability. Users should upgrade to version 16.1.0 or later, 15.1.4 or later, or 14.1.4.4 or later, depending on their current version track. Systems running on 13.1.x, 12.1.x, and 11.6.x versions should be upgraded to a supported version that includes the fix (F5 Support).