4 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Existe una vulnerabilidad de inyección SQL en la API (URI) de BIG-IP Next Central Manager. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan • https://github.com/passwa11/CVE-2024-26026 https://github.com/GRTMALDET/Big-IP-Next-CVE-2024-26026 https://my.f5.com/manage/s/article/K000138733 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de inyección de OData en la API (URI) del Administrador Central de BIG-IP Next. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://github.com/FeatherStark/CVE-2024-21793 https://my.f5.com/manage/s/article/K000138732 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de validación de certificados incorrecta en BIG-IP Next Central Manager y puede permitir que un atacante se haga pasar por un sistema de proveedor de instancias. Una explotación exitosa de esta vulnerabilidad puede permitir al atacante cruzar un límite de seguridad. • https://my.f5.com/manage/s/article/K000139012 • CWE-295: Improper Certificate Validation •

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0

BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP Next Central Manager (CM) puede permitir que un atacante remoto no autenticado obtenga las credenciales de la instancia BIG-IP Next LTM/WAF. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000138634 • CWE-300: Channel Accessible by Non-Endpoint •