Lucene search

HistoryMay 14, 2024 - 12:00 a.m.

F5 BIG-IP Next Central Manager < 20.2.0 SQLi (K000138732) (Direct Check)

2024-05-1400:00:00

www.tenable.com

f5 big-ip

central manager

sql injection

vulnerability

binary data

scanner

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Binary data bigip_next_central_manager_cve-2024-21793.nbin

VendorProductVersionCPE
f5bigip_next_central_managerx-cpe:/a:f5:bigip_next_central_manager

Vendor	Product	Version	CPE
f5	bigip_next_central_manager		x-cpe:/a:f5:bigip_next_central_manager

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21793

www.nessus.org/u?b635ed5d

my.f5.com/manage/s/article/K000138732

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for BIGIP_NEXT_CENTRAL_MANAGER_CVE-2024-21793.NBIN