Lucene search

K
f5F5F5:K000138733
HistoryMay 08, 2024 - 12:00 a.m.

K000138733 : BIG-IP Next Central Manager SQL Injection vulnerability CVE-2024-26026

2024-05-0800:00:00
my.f5.com
15
big-ip
central manager
sql injection
uri
cve-2024-26026
unauthenticated attacker
malicious sql statements
api

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

8.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.0%

Security Advisory Description

An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). (CVE-2024-26026)

Impact

An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP Next Central Manager API (URI).

VendorProductVersionCPE
f5big\-ip_next20.0.1cpe:2.3:a:f5:big\-ip_next:20.0.1:*:*:*:*:*:*:*
f5big\-ip_next20.0.2cpe:2.3:a:f5:big\-ip_next:20.0.2:*:*:*:*:*:*:*
f5big\-ip_next20.1.0cpe:2.3:a:f5:big\-ip_next:20.1.0:*:*:*:*:*:*:*
f5big\-ip_next20.1.1cpe:2.3:a:f5:big\-ip_next:20.1.1:*:*:*:*:*:*:*
f5big\-ip_next20.2.0cpe:2.3:a:f5:big\-ip_next:20.2.0:*:*:*:*:*:*:*
f5big\-ip_next1.1.0cpe:2.3:a:f5:big\-ip_next:1.1.0:*:*:*:*:*:*:*
f5big\-ip_next1.1.1cpe:2.3:a:f5:big\-ip_next:1.1.1:*:*:*:*:*:*:*
f5big\-ip_next1.2.0cpe:2.3:a:f5:big\-ip_next:1.2.0:*:*:*:*:*:*:*
f5big\-ip_next1.2.1cpe:2.3:a:f5:big\-ip_next:1.2.1:*:*:*:*:*:*:*
f5big\-ip_next1.3.0cpe:2.3:a:f5:big\-ip_next:1.3.0:*:*:*:*:*:*:*
Rows per page:
1-10 of 4221

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

8.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.0%