NVD disclosure day

Published threat advisories for March 31, 2021

CVE advisory | Known Exploit

CVE-2021-22991

F5 BIG-IP Systems Vulnerable to Remote Code Execution and Denial of Service

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Certain F5 BIG-IP systems are affected by a vulnerability that can lead to denial-of-service or bypass of access controls. This may impact system availability and data integrity. The risk to business operations is heightened as this vulnerability can be exploited remotely.

• CISA KEV

CVE advisory | Known Exploit

CVE-2021-21975

VMware vRealize Operations Manager API Credential Theft Risk.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A Server-Side Request Forgery vulnerability in the VMware vRealize Operations Manager API allows a malicious actor with network access to steal administrative credentials. This poses a business risk of unauthorized access and potential data compromise.

• CISA KEV

CVE advisory | Known Exploit

CVE-2021-22986

F5 BIG-IP and BIG-IQ Remote Command Execution Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

F5 BIG-IP and BIG-IQ products have a remote command execution vulnerability in the iControl REST interface. This could allow attackers to execute commands, impacting system integrity and data security. The business risk is high due to the potential for unauthorized access and control.

• CISA KEV