F5

Big-ip Next Central Manager

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-54500

Medienbericht
  • EPSS 0.11%
  • Veröffentlicht 13.08.2025 14:46:55
  • Zuletzt bearbeitet 03.11.2025 20:19:14

An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).  Note: Software versions which have reached End of Technical Su...

8.7

CVE-2025-41399

Medienbericht
  • EPSS 0.09%
  • Veröffentlicht 07.05.2025 22:15:20
  • Zuletzt bearbeitet 21.10.2025 18:43:09

When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are no...

8.7

CVE-2025-36504

  • EPSS 0.09%
  • Veröffentlicht 07.05.2025 22:15:19
  • Zuletzt bearbeitet 21.10.2025 18:42:48

When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.5

CVE-2025-24319

  • EPSS 0.35%
  • Veröffentlicht 05.02.2025 18:15:34
  • Zuletzt bearbeitet 12.11.2025 16:37:37

When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Note: Software versions which have reached End of Techni...

6.7

CVE-2025-23413

  • EPSS 0.06%
  • Veröffentlicht 05.02.2025 18:15:31
  • Zuletzt bearbeitet 12.11.2025 14:40:22

When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

5.5

CVE-2024-41719

  • EPSS 0.13%
  • Veröffentlicht 14.08.2024 15:15:27
  • Zuletzt bearbeitet 19.08.2024 18:40:35

When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs.  Note: Software versions which have reached End of Technical Support (EoTS) are not e...

8.8

CVE-2024-39809

  • EPSS 0.76%
  • Veröffentlicht 14.08.2024 15:15:26
  • Zuletzt bearbeitet 19.08.2024 16:19:52

The Central Manager user session refresh token does not expire when a user logs out.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

5.3

CVE-2024-37028

  • EPSS 0.25%
  • Veröffentlicht 14.08.2024 15:15:21
  • Zuletzt bearbeitet 20.08.2024 19:26:49

BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

6.8

CVE-2024-33612

  • EPSS 0.18%
  • Veröffentlicht 08.05.2024 15:15:11
  • Zuletzt bearbeitet 05.09.2025 15:51:43

An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

7.4

CVE-2024-32049

  • EPSS 0.43%
  • Veröffentlicht 08.05.2024 15:15:09
  • Zuletzt bearbeitet 12.12.2024 19:01:52

BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.