CVE-2021-23025
https://notcve.org/view.php?id=CVE-2021-23025
On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En versiones 15.1.x anteriores a 15.1.0.5, versiones 14.1.x anteriores a 14.1.3.1, versiones 13.1.x anteriores a 13.1.3.5 y todas las versiones de 12.1.x y 11.6.x, se presenta una vulnerabilidad de ejecución de comandos remotos autenticados en la utilidad BIG-IP Configuration. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas • https://support.f5.com/csp/article/K55543151 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-23037
https://notcve.org/view.php?id=CVE-2021-23037
On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En todas las versiones de 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x y 11.6.x, se presenta una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en una página no divulgada de la utilidad de Configuración de BIG-IP que permite a un atacante ejecutar JavaScript en el contexto del usuario actualmente conectado. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas • https://support.f5.com/csp/article/K21435974 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-23038
https://notcve.org/view.php?id=CVE-2021-23038
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En versiones 16.0.x anteriores a 16.0.1.2, versiones 15.1.x anteriores a 15.1.3.1, versiones 14.1.x anteriores a 14.1.4.2, versiones 13.1.x anteriores a 13.1.4.1 y todas las versiones de 12.1.x, se presenta una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en una página no divulgada de la utilidad de Configuración de BIG-IP que permite a un atacante ejecutar JavaScript en el contexto del usuario actualmente conectado. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas • https://support.f5.com/csp/article/K61643620 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-23039
https://notcve.org/view.php?id=CVE-2021-23039
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of 13.1.x and 12.1.x, when IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote (IPSec) peer, which already has a negotiated Security Association, can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En versiones 16.0.x anteriores a 16.0.1.2, versiones 15.1.x anteriores a 15.1.3, versiones 14.1.x anteriores a 14.1.2.8, y todas las versiones de 13.1.x y 12.1.x, cuando se configura IPSec en un sistema BIG-IP, las peticiones no divulgadas de un peer remoto (IPSec) autorizado, que ya presenta una Asociación de Seguridad negociada, pueden causar la terminación del Traffic Management Microkernel (TMM). Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas • https://support.f5.com/csp/article/K66782293 • CWE-20: Improper Input Validation •
CVE-2021-23045
https://notcve.org/view.php?id=CVE-2021-23045
On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when an SCTP profile with multiple paths is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.2, versiones 15.1.x anteriores a 15.1.3.1, versiones 14.1.x anteriores a 14.1.4.3, versiones 13.1.x anteriores a 13.1.4.1, y todas las versiones de 12.1.x, cuando se configura un perfil SCTP con múltiples rutas en un servidor virtual, las peticiones no divulgadas pueden causar la terminación del Traffic Management Microkernel (TMM). Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas • https://support.f5.com/csp/article/K94941221 • CWE-20: Improper Input Validation •