19 results (0.002 seconds)

CVSS: 5.5EPSS: 0%CPEs: 74EXPL: 0

When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Cuando el reenvío de auditoría TACACS+ está configurado en el sistema BIG-IP o BIG-IQ, el secreto compartido se registra en texto plano en el audit log. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K06110200 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 6.5EPSS: 0%CPEs: 77EXPL: 0

The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Los sistemas BIG-IP y BIG-IQ no cifran cierta información confidencial escrita en las variables de la Base de Datos (DB). Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K20850144 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000132719 • CWE-269: Improper Privilege Management CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8EPSS: 47%CPEs: 57EXPL: 0

In all versions,  BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En todas las versiones, BIG-IP y BIG-IQ son vulnerables a ataques de Cross-Site Request Forgery (CSRF) a través de iControl SOAP. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://support.f5.com/csp/article/K94221585 https://github.com/rbowes-r7/refreshing-soap-exploit https://www.rapid7.com/blog/post/2022/11/16/cve-2022-41622-and-cve-2022-41800-fixed-f5-big-ip-and-icontrol-rest-vulnerabilities-and-exposures https://support.f5.com/csp/article/K97843387 https://support.f5.com/csp/article/K05403841 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 57EXPL: 0

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.7, 14.1.x anteriores a 14.1.5.1, y todas las versiones de la 13.1.x, y en BIG-IQ todas las versiones de la 8.x y la 7.x, un usuario autenticado de iControl REST puede causar un aumento en el uso de recursos de memoria, por medio de peticiones no reveladas • https://support.f5.com/csp/article/K22505850 • CWE-400: Uncontrolled Resource Consumption •