BIG-IQ Centralized Management Security Vulnerabilities - 2023

CVE-2023-29240

An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS: 5.4

AI Score: 5.9

EPSS: 0.0005

2023-05-03 03:15 PM

CVE-2023-38419

An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS: 4.3

AI Score: 4.8

EPSS: 0.001

2023-08-02 04:15 PM

CVE-2023-41964

The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS: 6.5

AI Score: 6.5

EPSS: 0.001

2023-10-10 01:15 PM

CVE-2023-43485

When TACACS+ audit forwarding is configured on a BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS: 5.5

AI Score: 5.8

EPSS: 0.0004

2023-10-10 01:15 PM