538 matches found
PT-2026-40640
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication,...
PT-2026-40654
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description An xpath injection issue exists in undisclosed pages of the Configuration utility. This allows a low-privileged...
Johnson Controls iSTAR Configuration Utility < 6.9.8 Stack-based Buffer Overflow
The version of Johnson Controls iSTAR Configuration Utility ICU installed on the remote Windows host is prior to 6.9.8. It is, therefore, affected by a stack-based buffer overflow vulnerability that could result in failure within the operating system of the machine hosting the ICU tool. Note that...
F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000156644)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4. It is, therefore, affected by a vulnerability as referenced in the K000156644 advisory. A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof...
CVE-2026-20732 BIG-IP Configuration utility vulnerability
A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
EUVD-2026-5462
A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-20732
CVE-2026-20732 affects F5 BIG-IP: a vulnerability in the BIG-IP Configuration utility page may allow an attacker to spoof error messages. According to the advisory data, this is a control-plane issue with no data-plane exposure, and it can mislead authenticated users into following malicious link...
CVE-2026-20732 BIG-IP Configuration utility vulnerability
A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
K000156644: BIG-IP Configuration utility vulnerability CVE-2026-20732
Security Advisory Description A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. CVE-2026-20732 Impact An attacker may trick authenticated BIG-IP users into accessing malicious links and reflect a spoofed error message in...
CVE-2025-26386
Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...
CVE-2025-26386
Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...
CVE-2025-26386 Stack-based Buffer Overflow in Johnson Controls iSTAR Configuration Utility (ICU) tool
Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...
CVE-2025-26386
Johnson Controls iSTAR Configuration Utility (ICU) on Windows is affected by a stack-based buffer overflow in ICU versions up to and including 6.9.7 (prior to 6.9.8). Successful exploitation could cause the host OS to fail, per NVD/Red Hat/Nessus/ICS advisories. A fixed version, ICU 6.9.8, is ref...
EUVD-2025-206488
Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...
CVE-2025-26386 Stack-based Buffer Overflow in Johnson Controls iSTAR Configuration Utility (ICU) tool
Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...
PT-2026-5091
Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...
Johnson Controls iSTAR Configuration Utility security vulnerability
Johnson Controls iSTAR Configuration Utility is a software tool developed by Johnson Controls for configuring and managing iSTAR Controllers. Versions of the ICU 6.9.7 and earlier contain security vulnerabilities; these vulnerabilities stem from stack buffer overflows, which may lead to operating...
Johnson Controls Inc. iSTAR Configuration Utility (ICU) tool
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a failure within the operating system of the machine hosting the ICU tool. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
CVE-2021-22989
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility,...
CVE-2021-22988
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed page...