Command injection
When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical...
Design/Logic Flaw
A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
Design/Logic Flaw
When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed U...
SQL injection
An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
Directory traversal
A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
Authentication flaw
When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
Design/Logic Flaw
When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Securi...
Authentication flaw
When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are n...
Design/Logic Flaw
When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
Design/Logic Flaw
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
Design/Logic Flaw
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation...
Open redirect
Rejected reason: This is unused...
Hardcoded credentials
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert...
Design/Logic Flaw
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack...
Default configuration
Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables...
Authentication flaw
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...