242 matches found
CVE-2022-23008
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...
CVE-2022-23008
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...
CVE-2022-23008
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...
Code injection
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...
CVE-2022-23008
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...
PT-2022-15775 · Nginx · Nginx Controller Api Management
Name of the Vulnerable Software and Affected Versions: NGINX Controller API Management versions 3.18.0 through 3.19.0 Description: An authenticated attacker with access to the user or admin role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is...
F5 Nginx 跨站脚本漏洞
The F5 NGINX Controller is a self-service, API-driven platform for managing NGINIX Plus that can be easily integrated into CI/CD workflows to accelerate application deployment and simplify application lifecycle management. user" or "admin" role access and authenticated attackers can use an...
F5 NGINX Controller API Code Injection Vulnerability
The F5 NGINX Controller is a self-service, API-driven platform for managing NGINIX Plus that can be easily integrated into CI/CD workflows to accelerate application deployment and simplify application lifecycle management. user" or "admin" role access and authenticated attackers can use an...
Vulnerabilities fixed in F5 products
F5 has fixed multiple vulnerabilities in several F5 products, including BIG-IP and BIG-IQ. Most of the updates are relate to the Traffic Management Microkernel TMM, a component of virtually all BIG-IP modules. The vulnerability with reference CVE-2022-23008 concerns the NGINX Controller API...
F5 Releases January 2022 Quarterly Security Notification
F5 has released its January 2022 Quarterly Security Notification addressing vulnerabilities affecting multiple versions of BIG-IP, BIG-IQ, and NGINX Controller API Management. A remote attacker could exploit these vulnerabilities to either deny service to, or take control of, an affected system...
Security Bulletin: Multiple vulnerabilities in F5 NGINX Controller affect IBM Cloud Pak for Automation
Summary The vulnerabilities are related to F5 NGINX Controller, included in the pfs-nginx-prod docker image, that is deployed by IBM Process Federation Server . Vulnerability Details CVEID: CVE-2021-23018 DESCRIPTION: F5 NGINX Controller could allow a remote attacker to obtain sensitive...
CVE-2021-23021
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644...
CVE-2021-23019
The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package...
CVE-2021-23019
The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package...
Design/Logic Flaw
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644...
CVE-2021-23021
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644...
CVE-2021-23018
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster...
Design/Logic Flaw
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster...
CVE-2021-23019
The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package...
CVE-2021-23019
The CVE-2021-23019 entry applies to NGINX Controller, affecting versions 2.0.0 through 2.9.0 and 3.x before 3.15.0. The root cause is exposure of the Administrator password in the systemd.txt file included in the NGINX support package. This credential exposure is the stated impact. Mitigation pro...