CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2023-39447 – BIG-IP APM Guided Configuration vulnerability
https://notcve.org/view.php?id=CVE-2023-39447
10 Oct 2023 — When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Cuando se configura BIG-IP APM Guided Configurations, es posible que se registre información confidencial no divulgada en restnoded log. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K47756555 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 201EXPL: 0CVE-2022-27878
https://notcve.org/view.php?id=CVE-2022-27878
05 May 2022 — On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated En todas las versiones de 16.1.x, 15.1.x, 14.1.x, 13.1.x, ... • https://support.f5.com/csp/article/K92807525 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 55EXPL: 0CVE-2022-27806
https://notcve.org/view.php?id=CVE-2022-27806
05 May 2022 — On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated E... • https://support.f5.com/csp/article/K68647001 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.7EPSS: 0%CPEs: 55EXPL: 0CVE-2022-25946
https://notcve.org/view.php?id=CVE-2022-25946
05 May 2022 — On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated En todas las versiones de 16.1.... • https://support.f5.com/csp/article/K52322100 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2022-27230
https://notcve.org/view.php?id=CVE-2022-27230
05 May 2022 — On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated En todas las versiones de 16.1.x, 15.1.x, 14.1.x, 13.... • https://support.f5.com/csp/article/K21317311 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2021-23046
https://notcve.org/view.php?id=CVE-2021-23046
14 Sep 2021 — On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En todas las versiones de Guided Configuration anteriores a 8.0.0, cuando es creado una configuración que contiene propiedades seguras y se despliega desde Access Guided Configuration (AGC), las prop... • https://support.f5.com/csp/article/K70652532 • CWE-532: Insertion of Sensitive Information into Log File •