F5

Big-ip Next Central Manager

9 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2025-24319

  • EPSS 0.22%
  • Published 05.02.2025 18:15:34
  • Last modified 05.02.2025 18:15:34

When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Note: Software versions which have reached End of Techni...

6.7

CVE-2025-23413

  • EPSS 0.05%
  • Published 05.02.2025 18:15:31
  • Last modified 05.02.2025 18:15:31

When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

5.5

CVE-2024-41719

  • EPSS 0.13%
  • Published 14.08.2024 15:15:27
  • Last modified 19.08.2024 18:40:35

When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs.  Note: Software versions which have reached End of Technical Support (EoTS) are not e...

8.8

CVE-2024-39809

  • EPSS 0.69%
  • Published 14.08.2024 15:15:26
  • Last modified 19.08.2024 16:19:52

The Central Manager user session refresh token does not expire when a user logs out.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

5.3

CVE-2024-37028

  • EPSS 0.25%
  • Published 14.08.2024 15:15:21
  • Last modified 20.08.2024 19:26:49

BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

6.8

CVE-2024-33612

  • EPSS 0.18%
  • Published 08.05.2024 15:15:11
  • Last modified 05.09.2025 15:51:43

An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

7.4

CVE-2024-32049

  • EPSS 0.43%
  • Published 08.05.2024 15:15:09
  • Last modified 12.12.2024 19:01:52

BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.5

CVE-2024-26026

  • EPSS 88.19%
  • Published 08.05.2024 15:15:08
  • Last modified 19.09.2025 20:18:32

An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

7.5

CVE-2024-21793

  • EPSS 85.3%
  • Published 08.05.2024 15:15:07
  • Last modified 19.09.2025 20:18:26

An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.