16 matches found
CVE-2026-20916
An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
EUVD-2026-29989
Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell tmsh command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of...
EUVD-2026-29964
When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support EoTS are not...
EUVD-2026-29957
An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-20916
An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-24464
CVE-2026-24464 is an Appliance mode vulnerability in iControl REST with directory traversal that, when exploited by an authenticated administrator, can delete files across a security boundary. The F5 advisory confirms this affects BIG-IP/iControl REST across multiple branches with varying vulnera...
CVE-2026-20916
An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-20916 BIG-IQ iControl REST vulnerability
An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-41954 iControl REST and tmsh vulnerability
Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell tmsh command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of...
K000158029: iControl REST vulnerability CVE-2026-20916
Security Advisory Description An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. CVE-2026-20916 Impact An authenticated attacker with low privileges can exploit this vulnerability remotel...
PT-2026-40632
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description When running in Appliance mode, a directory traversal issue exists in an undisclosed iControl REST endpoint. This allows...
PT-2026-40631
An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
F5 BIG-IP 安全漏洞
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A security vulnerability exists in F5 BIG-IP that originates from an undisclosed endpoint accessible via the Configuration...
F5 BIG-IQ 代码问题漏洞
F5 BIG-IQ is a software-based cloud management solution from F5 USA. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments. F5 BIG-IQ suffers from a security vulnerability that originate...
CVE-2022-35243
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. ...
CVE-2022-23026
On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource...