Page 18 of 241 results (0.008 seconds)

CVSS: 8.8EPSS: 0%CPEs: 70EXPL: 0

On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En versiones 15.1.x anteriores a 15.1.0.5, versiones 14.1.x anteriores a 14.1.3.1, versiones 13.1.x anteriores a 13.1.3.5 y todas las versiones de 12.1.x y 11.6.x, se presenta una vulnerabilidad de ejecución de comandos remotos autenticados en la utilidad BIG-IP Configuration. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas • https://support.f5.com/csp/article/K55543151 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.6EPSS: 0%CPEs: 66EXPL: 0

On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En todas las versiones de 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x y 11.6.x, se presenta una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en una página no divulgada de la utilidad de Configuración de BIG-IP que permite a un atacante ejecutar JavaScript en el contexto del usuario actualmente conectado. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas • https://support.f5.com/csp/article/K21435974 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0EPSS: 0%CPEs: 55EXPL: 0

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En versiones 16.0.x anteriores a 16.0.1.2, versiones 15.1.x anteriores a 15.1.3.1, versiones 14.1.x anteriores a 14.1.4.2, versiones 13.1.x anteriores a 13.1.4.1 y todas las versiones de 12.1.x, se presenta una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en una página no divulgada de la utilidad de Configuración de BIG-IP que permite a un atacante ejecutar JavaScript en el contexto del usuario actualmente conectado. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas • https://support.f5.com/csp/article/K61643620 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 14.1.x anteriores a 14.1.4.4, cuando se configura un perfil HTTP en un servidor virtual, después de una secuencia específica de paquetes, las respuestas en trozos pueden causar la terminación del Traffic Management Microkernel (TMM). Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas • https://support.f5.com/csp/article/K70415522 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of 13.1.x and 12.1.x, when IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote (IPSec) peer, which already has a negotiated Security Association, can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En versiones 16.0.x anteriores a 16.0.1.2, versiones 15.1.x anteriores a 15.1.3, versiones 14.1.x anteriores a 14.1.2.8, y todas las versiones de 13.1.x y 12.1.x, cuando se configura IPSec en un sistema BIG-IP, las peticiones no divulgadas de un peer remoto (IPSec) autorizado, que ya presenta una Asociación de Seguridad negociada, pueden causar la terminación del Traffic Management Microkernel (TMM). Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas • https://support.f5.com/csp/article/K66782293 • CWE-20: Improper Input Validation •