EUVD-2021-10164
Malware in sbrugna...
CVE-2021-23046
On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not...
F5 Networks BIG-IP : F5 BIG-IP Guided Configuration XSS vulnerability (K21317311)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8 / 16.1.3.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K21317311 advisory. - On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5...
F5 Networks BIG-IP : Appliance mode authenticated F5 BIG-IP Guided Configuration third-party lodash and jQuery vulnerabilities (K12492858)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.8 / 16.1.3.2 / 17.0.0. It is, therefore, affected by multiple vulnerabilities as referenced in the K12492858 advisory. - Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function...
F5 Networks BIG-IP APM Guided Configuration Information Disclosure (K47756555)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.8. It is, therefore, affected by a vulnerability as referenced in the K47756555 advisory. When BIG-IP APM Guided Configuration is configured, undisclosed sensitive information may be logged in the...
CVE-2023-39447 BIG-IP APM Guided Configuration vulnerability
When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
K47756555: BIG-IP APM Guided Configuration vulnerability CVE-2023-39447
Security Advisory Description When BIG-IP APM Guided Configuration is configured, undisclosed sensitive information may be logged in the restnoded log file. CVE-2023-39447 Impact This vulnerability may allow a high privileged authenticated attacker with local access to the BIG-IP system to read...
K70652532: F5 BIG-IP Guided Configuration logging vulnerability CVE-2021-23046
Security Advisory Description When a configuration that contains secure properties is created and deployed from BIG-IP Guided Configuration (AGC), secure properties are logged in restnoded logs. CVE-2021-23046 Impact Users with access to restnoded logs may gain access to sensitive information from...
CVE-2022-27806
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance...
CVE-2022-27230
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to...
CVE-2022-25946
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Applian...
Cross site scripting
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute...
Cross site scripting
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to...
F5 Networks BIG-IP : TMUI XSS vulnerability (K92807525)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K92807525 advisory. - On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all...
Command injection vulnerability in multiple F5 BIG-IP products
F5 BIG-IP and related offerings are products of F5, a U.S. company. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IP ASM is a web application firewall (WAF), and F5 BIG-IP Advanced WAF is an Advanc...