CVE-2024-21793 – BIG-IP Central Manager OData Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-21793
An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de inyección de OData en la API (URI) del Administrador Central de BIG-IP Next. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://github.com/FeatherStark/CVE-2024-21793 https://my.f5.com/manage/s/article/K000138732 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-33612 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2024-33612
An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de validación de certificados incorrecta en BIG-IP Next Central Manager y puede permitir que un atacante se haga pasar por un sistema de proveedor de instancias. Una explotación exitosa de esta vulnerabilidad puede permitir al atacante cruzar un límite de seguridad. • https://my.f5.com/manage/s/article/K000139012 • CWE-295: Improper Certificate Validation •
CVE-2024-28132 – BIG-IP NEXT CNF vulnerability
https://notcve.org/view.php?id=CVE-2024-28132
Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de exposición de información confidencial en el contenedor GSLB, que puede permitir que un atacante autenticado con acceso local vea información confidencial. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000138913 • CWE-922: Insecure Storage of Sensitive Information •
CVE-2024-32049 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2024-32049
BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP Next Central Manager (CM) puede permitir que un atacante remoto no autenticado obtenga las credenciales de la instancia BIG-IP Next LTM/WAF. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000138634 • CWE-300: Channel Accessible by Non-Endpoint •
CVE-2024-25560 – TMM Vulnerability
https://notcve.org/view.php?id=CVE-2024-25560
When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Cuando se otorga licencia y aprovisionamiento de BIG-IP AFM, el tráfico DNS no divulgado puede provocar la finalización del Microkernel de gestión de tráfico (TMM). Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000139037 • CWE-476: NULL Pointer Dereference •