![](https://cdn.prod.website-files.com/5b6fbc224c38193c65190432/605232eb7e353f550cba34b2_CodeGreen_F5_Zeroday.jpg)
F5 BIG-IP APM Zero Day Vulnerability (CVE-2021-23002) Disclosure
Wednesday, March 17, 2021
F5 BIG-IP APM versions 11.6.1 - 16.0.1 are affected by a session hijacking zero-day vulnerability (CVE-2021-23002, credited to CodeGreen), which CodeGreen's security analysts discovered during a penetration test for one of our BFSI customers. This blog demonstrates the vulnerability, along with the proof-of-concept (PoC) document we submitted to F5 SIRT.