F5

Big-iq Centralized Management

76 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2023-38419

  • EPSS 0.16%
  • Veröffentlicht 02.08.2023 16:15:10
  • Zuletzt bearbeitet 21.11.2024 08:13:31

An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.4

CVE-2023-29240

  • EPSS 0.09%
  • Veröffentlicht 03.05.2023 15:15:13
  • Zuletzt bearbeitet 18.09.2025 20:15:36

An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.8

CVE-2022-41622

  • EPSS 81.26%
  • Veröffentlicht 07.12.2022 04:15:10
  • Zuletzt bearbeitet 21.11.2024 07:23:31

In all versions,  BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

6.5

CVE-2022-41770

  • EPSS 0.53%
  • Veröffentlicht 19.10.2022 22:15:12
  • Zuletzt bearbeitet 21.11.2024 07:23:48

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory r...

9.8

CVE-2022-35728

  • EPSS 0.68%
  • Veröffentlicht 04.08.2022 18:15:10
  • Zuletzt bearbeitet 21.11.2024 07:11:33

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token ma...

6.5

CVE-2022-34851

  • EPSS 0.42%
  • Veröffentlicht 04.08.2022 18:15:10
  • Zuletzt bearbeitet 21.11.2024 07:10:18

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to...

7.5

CVE-2022-34844

  • EPSS 0.46%
  • Veröffentlicht 04.08.2022 18:15:10
  • Zuletzt bearbeitet 21.11.2024 07:10:18

In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, ...

5.3

CVE-2022-29479

  • EPSS 0.87%
  • Veröffentlicht 05.05.2022 17:15:15
  • Zuletzt bearbeitet 21.11.2024 06:59:09

On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address ...

4.9

CVE-2022-26340

  • EPSS 0.11%
  • Veröffentlicht 05.05.2022 17:15:11
  • Zuletzt bearbeitet 21.11.2024 06:53:46

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and...

6.5

CVE-2022-23023

  • EPSS 0.32%
  • Veröffentlicht 25.01.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:47:49

On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by an authenticated iControl REST user can cause an increase i...