CVE-2021-23026
- EPSS 0.48%
- Veröffentlicht 14.09.2021 22:15:07
- Zuletzt bearbeitet 21.11.2024 05:51:10
BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attack...
- EPSS 5.35%
- Veröffentlicht 10.06.2021 15:15:09
- Zuletzt bearbeitet 21.11.2024 05:51:10
On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoT...
CVE-2021-23006
- EPSS 0.62%
- Veröffentlicht 31.03.2021 18:15:15
- Zuletzt bearbeitet 21.11.2024 05:51:08
On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
CVE-2021-23005
- EPSS 1%
- Veröffentlicht 31.03.2021 18:15:15
- Zuletzt bearbeitet 21.11.2024 05:51:08
On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availability (HA) for automatic failover, BIG-IQ does not make use of Transport Layer Security (TLS) with the Corosync protocol. Note: Software versions which ha...
CVE-2021-22997
- EPSS 1.08%
- Veröffentlicht 31.03.2021 18:15:15
- Zuletzt bearbeitet 21.11.2024 05:51:05
On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software version...
CVE-2021-22996
- EPSS 0.97%
- Veröffentlicht 31.03.2021 18:15:14
- Zuletzt bearbeitet 21.11.2024 05:51:05
On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a BIG-IQ Data Collection Device (DCD) cluster member that receives an undisclosed message may cause the corosync process to abort. This behavior may lead to a denial-of-service (DoS...
CVE-2021-22995
- EPSS 0.87%
- Veröffentlicht 31.03.2021 17:15:13
- Zuletzt bearbeitet 21.11.2024 05:51:05
On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of So...
- EPSS 99.9%
- Veröffentlicht 31.03.2021 15:15:15
- Zuletzt bearbeitet 27.10.2025 17:06:56
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticat...
CVE-2021-22974
- EPSS 0.81%
- Veröffentlicht 12.02.2021 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:51:02
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to ta...
CVE-2020-5944
- EPSS 0.81%
- Veröffentlicht 05.11.2020 20:15:17
- Zuletzt bearbeitet 21.11.2024 05:34:52
In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 has done further review of this vulnerability and ...