Lucene search
+L

371 matches found

Tenable Nessus
Tenable Nessus
added 2022/01/19 12:0 a.m.27 views

F5 Networks BIG-IP : iControl REST vulnerability (K11742742)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.5 / 16.1.2.1 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K11742742 advisory. Undisclosed requests by an authenticated iControl REST user can cause an increase in...

6.5CVSS6.5AI score0.00895EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/10/28 12:0 a.m.36 views

F5 Networks BIG-IP : Appliance Mode authenticated iControl REST vulnerability (K74151369)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4 / 14.1.4.2 / 15.1.3 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K74151369 advisory. - On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, an...

7.2CVSS7.1AI score0.01343EPSS
Exploits0References2
CNVD
CNVD
added 2021/08/26 12:0 a.m.65 views

F5 BIG-IP Advanced WAF and ASM MySQL database denial of service vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG-IP Advanced WAF and ASM MySQL database denial of service vulnerability is associated with a policy on Virtul Serve...

5.3CVSS3.7AI score0.00919EPSS
Exploits0References1
Prion
Prion
added 2021/05/10 3:15 p.m.27 views

Authentication flaw

On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints...

6.5CVSS6.8AI score0.01343EPSS
Exploits0References1Affected Software14
CVE
CVE
added 2021/05/10 2:40 p.m.76 views

CVE-2021-23015

CVE-2021-23015 affects F5 BIG-IP when running in Appliance Mode. An authenticated user with the Administrator role may bypass Appliance Mode restrictions via undisclosed iControl REST endpoints. Impact is a control-plane bypass with no data-plane exposure; the vulnerability is mitigated by upgrad...

7.2CVSS7.4AI score0.01343EPSS
Exploits0References1Affected Software14
OSV
OSV
added 2021/03/31 6:15 p.m.3 views

CVE-2021-23001

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a ca...

4.3CVSS5.8AI score0.00572EPSS
Exploits0References1
OSV
OSV
added 2021/03/31 6:15 p.m.6 views

CVE-2021-22994

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP...

6.1CVSS5.8AI score0.00581EPSS
Exploits0References1
NVD
NVD
added 2021/03/31 6:15 p.m.25 views

CVE-2021-22994

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP...

6.1CVSS0.00581EPSS
Exploits0References1
Prion
Prion
added 2021/03/31 6:15 p.m.18 views

Design/Logic Flaw

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a ca...

4CVSS4.5AI score0.00572EPSS
Exploits0References1Affected Software14
CVE
CVE
added 2021/03/31 5:38 p.m.65 views

CVE-2021-23001

CVE-2021-23001 affects BIG-IP Advanced WAF/ASM; an authenticated user can upload files via an undisclosed iControl REST endpoint, potentially exhausting disk space or enabling later attacks. Affected versions include 16.0.0–16.0.1, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x. Remediation: upgrade ...

4.3CVSS5AI score0.00572EPSS
Exploits0References1Affected Software14
Cvelist
Cvelist
added 2021/03/31 5:38 p.m.29 views

CVE-2021-23001

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a ca...

4.8AI score0.00572EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/03/31 5:25 p.m.37 views

CVE-2021-22994

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP...

7.7AI score0.00581EPSS
Exploits0References1
CVE
CVE
added 2021/03/31 5:25 p.m.98 views

CVE-2021-22994

CVE-2021-22994 is an XSS flaw in BIG-IP iControl REST that enables a reflected XSS leading to complete system compromise when the victim is an admin. Affected: BIG-IP versions and branches as per F5 advisories (K66851119 and related entries): 16.x vulnerable 16.0.0–16.0.1; fix in 16.1.0.1/16.1.0+...

6.1CVSS7.2AI score0.00581EPSS
Exploits0References1Affected Software14
OSV
OSV
added 2021/03/31 3:15 p.m.5 views

CVE-2021-22986

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note...

9.8CVSS7.7AI score0.99898EPSS
Exploits20References4
CVE
CVE
added 2021/03/31 2:4 p.m.1292 views

CVE-2021-22986

CVE-2021-22986 affects F5 BIG-IP iControl REST, allowing unauthenticated remote command execution. Affected software ranges include BIG-IP 16.0.0–16.0.1 (before 16.0.1.1), 15.1.x (before 15.1.2.1), 14.1.x (before 14.1.4), 13.1.x (before 13.1.3.6), 12.1.x (before 12.1.5.3), and BIG-IQ 7.1.0.x (bef...

10CVSS9.7AI score0.99898EPSS
In wildExploits20References4Affected Software15
ATTACKERKB
ATTACKERKB
added 2021/03/31 12:0 a.m.620 views

K03009991: iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note...

10CVSS10AI score0.99898EPSS
In wildExploits20References4
The Hacker News
The Hacker News
added 2021/03/20 3:54 p.m.8 views

Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online

Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of i...

10CVSS8.4AI score0.99898EPSS
Exploits20
CNVD
CNVD
added 2021/03/11 12:0 a.m.6 views

F5 iControl REST Remote Command Execution Vulnerability

F5 BIG-IP is F5's application delivery platform that integrates network traffic scheduling, load balancing, intelligent DNS, remote access policy management, etc. F5 BIG-IQ Centralized Management is F5's management and scheduling platform that centrally manages and controls the F5 BIG-IP physical...

10CVSS7.5AI score0.99898EPSS
Exploits20
CNNVD
CNNVD
added 2021/03/10 12:0 a.m.4 views

F5 BIG-IP 代码问题漏洞

F5 BIG-IP is F5's application delivery platform that integrates network traffic scheduling, load balancing, intelligent DNS, remote access policy management, etc. F5 BIG-IQ Centralized Management is F5's management and scheduling platform that centrally manages and controls the F5 BIG-IP physical...

10CVSS6AI score0.99898EPSS
Exploits20References11
Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.48 views

F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM iControl REST vulnerability (K06440657)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.3 / 12.1.5.3 / 13.1.3.6 / 14.1.4 / 15.1.2.1 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K06440657 advisory. - On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1,...

4.3CVSS5.3AI score0.00572EPSS
Exploits0References2
Rows per page
Query Builder