Big-iq Centralized Management Security Vulnerabilities and Issues — Big-iq Centralized Management CVE List

Lucene search

F5Big-iq Centralized Management

10 matches found

CVE•added 2019/07/26 12:15 a.m.•521 views

CVE-2019-10744

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

9.1CVSS8.9AI score0.0341EPSS

CVE•added 2022/01/25 8:15 p.m.•137 views

CVE-2022-23009

On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

9CVSS7.1AI score0.00312EPSS

CVE•added 2019/07/01 9:15 p.m.•134 views

CVE-2019-6642

In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell ac...

9CVSS8.8AI score0.00522EPSS

CVE•added 2021/06/10 3:15 p.m.•87 views

CVE-2021-23024

On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

9CVSS7AI score0.0489EPSS

CVE•added 2022/08/04 6:15 p.m.•87 views

CVE-2022-35728

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging o...

9.8CVSS8.9AI score0.00481EPSS

CVE•added 2024/02/14 5:15 p.m.•56 views

CVE-2024-22093

When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Supp...

9.6CVSS8.6AI score0.00379EPSS

CVE•added 2016/09/07 7:28 p.m.•54 views

CVE-2016-5022

F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP ...

9.8CVSS9.6AI score0.01304EPSS

CVE•added 2019/11/27 10:15 p.m.•54 views

CVE-2019-6665

On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5 iWorkfl...

9.4CVSS9.1AI score0.00838EPSS

CVE•added 2020/04/24 2:15 p.m.•41 views

CVE-2020-5869

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit.

9.1CVSS9AI score0.00288EPSS

CVE•added 2021/03/31 6:15 p.m.•37 views

CVE-2021-23005

On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availability (HA) for automatic failover, BIG-IQ does not make use of Transport Layer Security (TLS) with the Corosync protocol. Note: Software versions which have reached End of Software Development (EoSD) are...

9.1CVSS9.1AI score0.0047EPSS