Lucene search
K

98 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:17 p.m.12 views

CVE-2021-23026

BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery CSRF attacks through iControl SOAP. Note: Software versions...

8.8CVSS7.1AI score0.00481EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/12/01 12:0 a.m.7 views

The vulnerability of the iControl SOAP interface for access control and remote authentication in BIG-IP allows a perpetrator to execute arbitrary code.

The vulnerability of the iControl SOAP interface for access control and remote authentication in BIG-IP involves the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

8.5CVSS8.5AI score0.72646EPSS
Exploits0References2Affected Software12
Tenable Nessus
Tenable Nessus
added 2023/11/02 12:0 a.m.28 views

F5 Networks BIG-IP : iControl SOAP vulnerability (K53854428)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4.1 / 14.1.4.2 / 15.1.3 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K53854428 advisory. BIG-IP and BIG-IQ arevulnerable to cross-site request forgery CSRF attacks through...

8.8CVSS7.4AI score0.00481EPSS
Exploits0References2
CNVD
CNVD
added 2023/08/07 12:0 a.m.22 views

F5 BIG-IP and BIG-IQ Centralized Management Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IQ Centralized Management is a software-based cloud management solution from F5 USA. The solution supports the deployment of application delivery...

4.3CVSS6.7AI score0.00453EPSS
Exploits0References1
NVD
NVD
added 2023/08/02 4:15 p.m.17 views

CVE-2023-38419

An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

4.3CVSS4.5AI score0.00453EPSS
Exploits0References1
OSV
OSV
added 2023/08/02 4:15 p.m.3 views

CVE-2023-38419

An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

4.3CVSS5.8AI score0.00453EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/02 3:55 p.m.17 views

CVE-2023-38419 BIG-IP and BIG-IQ iControl SOAP vulnerability

An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

4.3CVSS6.6AI score0.00453EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/08/02 3:55 p.m.26 views

CVE-2023-38419 BIG-IP and BIG-IQ iControl SOAP vulnerability

An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

4.3CVSS4.8AI score0.00453EPSS
Exploits0References1
CVE
CVE
added 2023/08/02 3:55 p.m.2530 views

CVE-2023-38419

CVE-2023-38419 affects F5 BIG-IP and BIG-IQ iControl SOAP. An authenticated attacker with guest or higher privileges can cause the iControl SOAP daemon to terminate/cease responding by sending undisclosed requests (DoS). Affected branches and fixes include: BIG-IP 17.x vulnerable (versions 17.0.0...

4.3CVSS4.8AI score0.00453EPSS
Exploits0References1Affected Software20
F5 Networks
F5 Networks
added 2023/08/02 1:26 p.m.43 views

K000135479: Overview of F5 vulnerabilities (August 2023)

Security Advisory Description On August 2, 2023, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. Important :...

7.8CVSS5.8AI score0.00453EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/08/02 12:49 p.m.28 views

K000133472: BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2023-38419

Security Advisory Description An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. CVE-2023-38419 Impact The iControl SOAP daemon becomes unresponsive. This vulnerability allows an authenticated attacker with a...

4.3CVSS4.8AI score0.00453EPSS
Exploits0Affected Software14
CNNVD
CNNVD
added 2023/08/02 12:0 a.m.5 views

F5 BIG-IP iControl SOAP 安全漏洞

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IQ Centralized Management is a software-based cloud management solution from F5 USA. The solution supports the deployment of application delivery...

4.3CVSS6.5AI score0.00453EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/06/23 12:0 a.m.36 views

F5 Networks BIG-IP : iControl SOAP vulnerability (K000130415)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.4 / 15.1.8.2 / 16.1.3.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K000130415 advisory. - A format string vulnerability exists in iControl SOAP that allows an authenticated attacker...

8.5CVSS8.8AI score0.72646EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 7:58 p.m.60 views

K53854428: iControl SOAP vulnerability CVE-2021-23026

Security Advisory Description BIG-IP and BIG-IQ are vulnerable to cross-site request forgery CSRF attacks through iControl SOAP. CVE-2021-23026 Impact An attacker may trick authenticated users into performing critical actions. This vulnerability can only be exploited through the control plane and...

8.8CVSS8.7AI score0.00481EPSS
Exploits0Affected Software12
F5 Networks
F5 Networks
added 2023/02/21 7:0 p.m.96 views

K50974556: Overview of F5 vulnerabilities (August 2021)

Security Advisory Description On August 24, 2021, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...

9.9CVSS8.6AI score0.02288EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.46 views

K50310001: BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2022-34851

Security Advisory Description An authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. CVE-2022-34851 Impact This vulnerability allows a remote authenticated attacker with at least guest role privileges to send undisclosed requests to iControl SOAP,...

6.5CVSS6.4AI score0.00658EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.111 views

K59904248: iControl SOAP vulnerability CVE-2022-29474

Security Advisory Description A directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. CVE-2022-29474 Impact An authenticated attacker with at least guest role privileges may...

4.3CVSS4.6AI score0.01469EPSS
Exploits0Affected Software13
The Hacker News
The Hacker News
added 2023/02/03 7:26 a.m.4 views

New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products

F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service DoS or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol SOAP interface and affects the following versions of BIG-IP - 13.1.5 14.1.4.6 - 14.1.5 15.1.5.1...

8.8CVSS8.1AI score0.72646EPSS
Exploits0
OSV
OSV
added 2023/02/01 6:15 p.m.3 views

CVE-2023-22374

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note...

8.5CVSS7.5AI score0.72646EPSS
Exploits0References1
NVD
NVD
added 2023/02/01 6:15 p.m.33 views

CVE-2023-22374

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note...

8.5CVSS8.5AI score0.72646EPSS
Exploits0References1
Rows per page
Query Builder