538 matches found

Positive Technologies
added 2026/05/13 12:0 a.m., 8 views

PT-2026-40640

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions prior to 17.1.3.2; F5 BIG-IP versions prior to 17.5.1.6; F5 BIG-IP versions prior to 21.0.0.2. Description: When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication,...

CVSS 8.7 | AI score 5.8 | EPSS 0.003
Exploits 0 | References 4

Positive Technologies
added 2026/05/13 12:0 a.m., 15 views

PT-2026-40654

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions prior to 17.1.3.1; F5 BIG-IP versions prior to 17.5.1.4; F5 BIG-IP versions prior to 21.0.0.1. Description: An XPath injection issue exists in undisclosed pages of the Configuration utility. This allows a low-privileged...

CVSS 7.1 | AI score 5.8 | EPSS 0.00277
Exploits 0 | References 5

Tenable Nessus
added 2026/02/06 12:0 a.m., 3 views

Johnson Controls iSTAR Configuration Utility < 6.9.8 Stack-based Buffer Overflow

The version of Johnson Controls iSTAR Configuration Utility (ICU) installed on the remote Windows host is prior to 6.9.8. It is, therefore, affected by a stack-based buffer overflow vulnerability that could result in failure within the operating system of the machine hosting the ICU tool. Note that...

CVSS 7.1 | AI score 6.1 | EPSS 0.0039
Exploits 0 | References 4

Tenable Nessus
added 2026/02/05 12:0 a.m., 4 views

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000156644)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4. It is, therefore, affected by a vulnerability as referenced in the K000156644 advisory. A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof...

CVSS 4.3 | AI score 5.6 | EPSS 0.00154
Exploits 0 | References 2

Cvelist
added 2026/02/04 3:2 p.m., 29 views

CVE-2026-20732 BIG-IP Configuration utility vulnerability

A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 3.1 | EPSS 0.00154
Exploits 0 | References 1

EUVD
added 2026/02/04 3:2 p.m., 6 views

EUVD-2026-5462

A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 3.1 | AI score 5.4 | EPSS 0.00154
Exploits 0 | References 1

CVE
added 2026/02/04 3:2 p.m., 13 views

CVE-2026-20732

CVE-2026-20732 affects F5 BIG-IP: a vulnerability in the BIG-IP Configuration utility page may allow an attacker to spoof error messages. According to the advisory data, this is a control-plane issue with no data-plane exposure, and it can mislead authenticated users into following malicious link...

CVSS 4.3 | AI score 5.4 | EPSS 0.00154
Exploits 0 | References 1 | Affected Software 21

Vulnrichment
added 2026/02/04 3:2 p.m., 3 views

CVE-2026-20732 BIG-IP Configuration utility vulnerability

A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 3.1 | AI score 5.4 | EPSS 0.00154
Exploits 0 | References 1

F5 Networks
added 2026/02/04 2:3 p.m., 8 views

K000156644: BIG-IP Configuration utility vulnerability CVE-2026-20732

Security Advisory Description: A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. (CVE-2026-20732) Impact: An attacker may trick authenticated BIG-IP users into accessing malicious links and reflect a spoofed error message in...

CVSS 4.3 | AI score 5.5 | EPSS 0.00154
Exploits 0 | Affected Software 11

RedhatCVE
added 2026/01/29 3:18 p.m., 6 views

CVE-2025-26386

Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

CVSS 7.1 | AI score 5.9 | EPSS 0.0039
Exploits 0 | References 1

NVD
added 2026/01/28 12:15 p.m., 8 views

CVE-2025-26386

Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

CVSS 7.1 | EPSS 0.0039
Exploits 0 | References 2

Vulnrichment
added 2026/01/28 11:24 a.m., 4 views

CVE-2025-26386 Stack-based Buffer Overflow in Johnson Controls iSTAR Configuration Utility (ICU) tool

Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

CVSS 7.1 | AI score 5.9 | EPSS 0.0039
Exploits 0 | References 2

CVE
added 2026/01/28 11:24 a.m., 10 views

CVE-2025-26386

Johnson Controls iSTAR Configuration Utility (ICU) on Windows is affected by a stack-based buffer overflow in ICU versions up to and including 6.9.7 (prior to 6.9.8). Successful exploitation could cause the host OS to fail, per NVD/Red Hat/Nessus/ICS advisories. A fixed version, ICU 6.9.8, is ref...

CVSS 7.1 | AI score 5.9 | EPSS 0.0039
Exploits 0 | References 2

EUVD
added 2026/01/28 11:24 a.m., 5 views

EUVD-2025-206488

Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

CVSS 7.1 | AI score 5.9 | EPSS 0.0039
Exploits 0 | References 2

Cvelist
added 2026/01/28 11:24 a.m., 19 views

CVE-2025-26386 Stack-based Buffer Overflow in Johnson Controls iSTAR Configuration Utility (ICU) tool

Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

CVSS 7.1 | EPSS 0.0039
Exploits 0 | References 2

Positive Technologies
added 2026/01/28 12:0 a.m., 11 views

PT-2026-5091

Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

CVSS 7.1 | AI score 5.9 | EPSS 0.0039
Exploits 0 | References 3

CNNVD
added 2026/01/28 12:0 a.m., 9 views

Johnson Controls iSTAR Configuration Utility security vulnerability

Johnson Controls iSTAR Configuration Utility is a software tool developed by Johnson Controls for configuring and managing iSTAR Controllers. Versions of the ICU 6.9.7 and earlier contain security vulnerabilities; these vulnerabilities stem from stack buffer overflows, which may lead to operating...

CVSS 7.1 | AI score 5.9 | EPSS 0.0039
Exploits 0 | References 2

ICS
added 2026/01/22 7:0 a.m., 7 views

Johnson Controls Inc. iSTAR Configuration Utility (ICU) tool

RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to cause a failure within the operating system of the machine hosting the ICU tool. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this...

CVSS 7.1 | AI score 5.7 | EPSS 0.0039
Exploits 0 | References 13

RedhatCVE
added 2026/01/09 11:22 a.m., 6 views

CVE-2021-22989

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility,...

CVSS 9.1 | AI score 7 | EPSS 0.08838
Exploits 1 | References 1

RedhatCVE
added 2026/01/09 11:19 a.m., 8 views

CVE-2021-22988

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed page...

CVSS 9 | AI score 6.9 | EPSS 0.10444
Exploits 1 | References 1