F5

Big-iq Centralized Management

85 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.17%
  • Veröffentlicht 14.02.2024 17:15:14
  • Zuletzt bearbeitet 05.09.2025 15:51:32

When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system.  Note: Software versions which have reached End of Technical S...

  • EPSS 0.34%
  • Veröffentlicht 14.02.2024 17:15:14
  • Zuletzt bearbeitet 23.01.2025 19:53:16

When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software version...

  • EPSS 0.52%
  • Veröffentlicht 14.02.2024 17:15:13
  • Zuletzt bearbeitet 23.01.2025 19:52:38

When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

  • EPSS 0.5%
  • Veröffentlicht 14.02.2024 17:15:12
  • Zuletzt bearbeitet 05.09.2025 15:49:32

When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

  • EPSS 0.84%
  • Veröffentlicht 14.02.2024 17:15:12
  • Zuletzt bearbeitet 05.09.2025 15:43:00

When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary.  Note: Software...

  • EPSS 0.18%
  • Veröffentlicht 14.02.2024 17:15:12
  • Zuletzt bearbeitet 23.01.2025 19:47:50

BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerabil...

  • EPSS 0.17%
  • Veröffentlicht 10.10.2023 13:15:21
  • Zuletzt bearbeitet 21.11.2024 08:24:08

When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • EPSS 0.24%
  • Veröffentlicht 10.10.2023 13:15:21
  • Zuletzt bearbeitet 21.11.2024 08:22:00

The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • EPSS 0.45%
  • Veröffentlicht 02.08.2023 16:15:10
  • Zuletzt bearbeitet 21.11.2024 08:13:31

An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • EPSS 0.41%
  • Veröffentlicht 03.05.2023 15:15:13
  • Zuletzt bearbeitet 27.01.2026 13:50:53

An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.