Big-iq Centralized Management Security Vulnerabilities and Issues — Big-iq Centralized Management CVE List

Lucene search

F5Big-iq Centralized Management

5 matches found

cve•added 2020/04/30 10:15 p.m.•73 views

CVE-2020-5890

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace.

5.5CVSS5.6AI score0.00133EPSS

cve•added 2020/04/30 9:15 p.m.•55 views

CVE-2020-5873

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands...

7.2CVSS6.9AI score0.00286EPSS

cve•added 2020/04/24 1:15 p.m.•47 views

CVE-2020-5868

In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface.

10CVSS9.6AI score0.03878EPSS

cve•added 2020/04/24 2:15 p.m.•46 views

CVE-2020-5870

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer.

8.1CVSS8.1AI score0.0022EPSS

cve•added 2020/04/24 2:15 p.m.•43 views

CVE-2020-5869

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit.

9.1CVSS9AI score0.00288EPSS