231 results (0.000 seconds)

CVSS: 7.8EPSS: 0%CPEs: 78EXPL: 0

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.  This vulnerability is due to an incomplete fix for CVE-2023-38418.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated El instalador del cliente BIG-IP Edge en macOS no sigue las mejores prácticas para elevar los privilegios durante el proceso de instalación. Esta vulnerabilidad se debe a una solución incompleta para CVE-2023-38418. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se evalúan • https://my.f5.com/manage/s/article/K000136185 • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una verificación insuficiente de la vulnerabilidad de los datos en BIG-IP Edge Client Installer en macOS que puede permitir que un atacante aumente sus privilegios durante el proceso de instalación. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000135040 • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.4EPSS: 0%CPEs: 8EXPL: 0

An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000132539 • CWE-295: Improper Certificate Validation •

CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0

In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000132522 • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K76964818 • CWE-427: Uncontrolled Search Path Element •