Vulnerabilities in BIG-IP Next Central Manager allows control of managed devices

Introduction In May 2024, new vulnerabilities have been identified in BIG-IP Next Central Manager, raising considerable security concerns. This discovery follows closely on the heels of a critical vulnerability revealed in April within Palo Alto's firewalls with enabled GlobalProtect feature, whi...

F5 BIG-IP Next Central Manager OData Injection Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An OData injection vulnerability exists in F5 BIG-IP Next Central Manager, which can be exploited to send crafted SQL statemen...

F5 BIG-IP Next Central Manager 20.0.1 < 20.2.0 OData Injection (K000138732)

The version of the Big-IP Next Central Manager installed on the remote Windows host is between 20.0.1 and 20.1.0. It is, therefore, affected by an OData Injection vulnerability as referenced in the K000138732 advisory. An unauthenticated attacker can exploit this vulnerability to execute maliciou...

CVE-2024-21793

An OData injection vulnerability exists in the BIG-IP Next Central Manager API URI. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2024-21793

An OData injection vulnerability exists in the BIG-IP Next Central Manager API URI. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2024-21793 BIG-IP Central Manager OData Injection Vulnerability

An OData injection vulnerability exists in the BIG-IP Next Central Manager API URI. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2024-21793

CVE-2024-21793 : An OData injection vulnerability exists in the BIG-IP Next Central Manager API. Affected: BIG-IP Next Central Manager versions 20.0.1 to 20.1.0. Impact: unauthenticated remote attackers can execute malicious SQL statements via the API, potentially bypassing authentication or exfi...

CVE-2024-21793 BIG-IP Central Manager OData Injection Vulnerability

An OData injection vulnerability exists in the BIG-IP Next Central Manager API URI. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

K000138732: BIG-IP Next Central Manager OData Injection vulnerability CVE-2024-21793

Security Advisory Description An OData injection vulnerability exists in the BIG-IP Next Central Manager API URI. CVE-2024-21793 Impact An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements which may allow the attacker to access but not update information...

PT-2024-19061 · F5 · Big-Ip Next Central Manager

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP Next Central Manager affected versions not specified Description: An OData injection vulnerability exists in the BIG-IP Next Central Manager API. The issue affects the API endpoint, but specific details about the endpoint, such as...