Big-iq Centralized Management@8.3.0 Security Vulnerabilities and Issues — Big-iq Centralized Management@8.3.0 CVE List

Lucene search

F5Big-iq Centralized Management8.3.0

10 matches found

CVE•added 2023/08/02 4:15 p.m.•2518 views

CVE-2023-38419

An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

4.3CVSS4.8AI score0.00164EPSS

CVE•added 2024/02/14 5:15 p.m.•76 views

CVE-2024-22389

When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

7.2CVSS7.1AI score0.00238EPSS

CVE•added 2023/10/10 1:15 p.m.•72 views

CVE-2023-41964

The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

6.5CVSS5.4AI score0.00198EPSS

CVE•added 2023/10/10 1:15 p.m.•62 views

CVE-2023-43485

When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.5CVSS5.8AI score0.00226EPSS

CVE•added 2024/02/14 5:15 p.m.•59 views

CVE-2024-22093

When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Supp...

8.7CVSS8.6AI score0.00323EPSS

CVE•added 2024/02/14 5:15 p.m.•54 views

CVE-2024-23976

When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliancemode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

6CVSS6AI score0.00016EPSS

CVE•added 2024/02/14 5:15 p.m.•45 views

CVE-2024-24775

When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

7.5CVSS7.6AI score0.00362EPSS

CVE•added 2024/02/14 5:15 p.m.•42 views

CVE-2024-21782

BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873...

6.7CVSS7.4AI score0.00286EPSS

CVE•added 2024/02/14 5:15 p.m.•41 views

CVE-2024-23979

When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are...

7.5CVSS7.8AI score0.00203EPSS

CVE•added 2024/02/14 5:15 p.m.•35 views

CVE-2024-23314

When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

7.5CVSS7.6AI score0.00267EPSS