F5

Big-iq Centralized Management

85 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.48%
  • Veröffentlicht 14.09.2021 22:15:07
  • Zuletzt bearbeitet 21.11.2024 05:51:10

BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attack...

Exploit
  • EPSS 5.35%
  • Veröffentlicht 10.06.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 05:51:10

On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoT...

  • EPSS 0.62%
  • Veröffentlicht 31.03.2021 18:15:15
  • Zuletzt bearbeitet 21.11.2024 05:51:08

On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

  • EPSS 1%
  • Veröffentlicht 31.03.2021 18:15:15
  • Zuletzt bearbeitet 21.11.2024 05:51:08

On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availability (HA) for automatic failover, BIG-IQ does not make use of Transport Layer Security (TLS) with the Corosync protocol. Note: Software versions which ha...

  • EPSS 1.08%
  • Veröffentlicht 31.03.2021 18:15:15
  • Zuletzt bearbeitet 21.11.2024 05:51:05

On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software version...

  • EPSS 0.97%
  • Veröffentlicht 31.03.2021 18:15:14
  • Zuletzt bearbeitet 21.11.2024 05:51:05

On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a BIG-IQ Data Collection Device (DCD) cluster member that receives an undisclosed message may cause the corosync process to abort. This behavior may lead to a denial-of-service (DoS...

  • EPSS 0.87%
  • Veröffentlicht 31.03.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:51:05

On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of So...

Warnung Exploit
  • EPSS 99.9%
  • Veröffentlicht 31.03.2021 15:15:15
  • Zuletzt bearbeitet 27.10.2025 17:06:56

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticat...

  • EPSS 0.81%
  • Veröffentlicht 12.02.2021 17:15:14
  • Zuletzt bearbeitet 21.11.2024 05:51:02

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to ta...

  • EPSS 0.81%
  • Veröffentlicht 05.11.2020 20:15:17
  • Zuletzt bearbeitet 21.11.2024 05:34:52

In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 has done further review of this vulnerability and ...