CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2021-22999
https://notcve.org/view.php?id=CVE-2021-22999
On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En las versiones 15.0.x anteriores a 15.1.0 y 14.1.x anteriores a 14.1.4, el sistema BIG-IP ofrece una opción para conectar clientes HTTP/2 a servidores HTTP/1.x. Cuando un cliente tarda en aceptar respuestas y cierra una conexión prematuramente, el sistema BIG-IP puede retener indefinidamente algunos flujos sin cerrar. • https://support.f5.com/csp/article/K02333782 •
CVSS: 7.5EPSS: 0%CPEs: 84EXPL: 0CVE-2021-23003
https://notcve.org/view.php?id=CVE-2021-23003
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the Traffic Management Microkernel (TMM) process may produce a core file when undisclosed MPTCP traffic passes through a standard virtual server. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2, versiones 14.1.x anteriores a 14.1.3.1, versiones 13.1.x anteriores a 13.1.3.6, versiones 12.1.x anteriores a 12.1.5.3 y versiones 11.6.x anteriores a 11.6.5.3, el proceso Traffic Management Microkernel (TMM) puede producir un archivo central cuando el tráfico MPTCP no revelado pasa a través de un servidor virtual estándar. Nota: No se evalúan las versiones de software que han alcanzado End of Software Development (EoSD). • https://support.f5.com/csp/article/K43470422 •
CVSS: 6.1EPSS: 0%CPEs: 84EXPL: 0CVE-2021-22994
https://notcve.org/view.php?id=CVE-2021-22994
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. This vulnerability is due to an incomplete fix for CVE-2020-5948. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2.1, versiones 14.1.x anteriores a 14.1.4, versiones 13.1.x anteriores a 13.1.3.6, versiones 12.1.x anteriores a 12.1.5.3 y versiones 11.6.x anteriores a 11.6.5.3, los endpoints no revelados en iControl REST permiten un ataque XSS reflejado, lo que podría conllevar a un compromiso completo del sistema BIG-IP si se le otorga el rol de administrador al usuario víctima. Esta vulnerabilidades es debido a una solución incompleta para CVE-2020-5948. • https://support.f5.com/csp/article/K66851119 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 84EXPL: 0CVE-2021-22989
https://notcve.org/view.php?id=CVE-2021-22989
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2.1, versiones 14.1.x anteriores a 14.1.4, versiones 13.1.x anteriores a 13.1.3.6, versiones 12.1.x anteriores a 12.1.5.3 y versiones 11.6.x anteriores a 11.6.5.3, cuando se ejecuta en modo Appliance con Advanced WAF o BIG-IP ASM aprovisionado, TMUI, también se conoce como la utilidad Configuration, tiene una vulnerabilidad de ejecución de comandos remota autenticada en páginas no reveladas. Nota: No se evalúan las versiones de software que han alcanzado End of Software Development (EoSD). • https://support.f5.com/csp/article/K56142644 •
CVSS: 9.0EPSS: 0%CPEs: 84EXPL: 0CVE-2021-22990
https://notcve.org/view.php?id=CVE-2021-22990
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2.1, versiones 14.1.x anteriores a 14.1.4, versiones 13.1.x anteriores a 13.1.3.6, versiones 12.1.x anteriores a 12.1.5.3 y versiones 11.6.x anteriores a 11.6.5.3, en sistemas con Advanced WAF o ASM BIG-IP aprovisionados, la Traffic Management User Interface (TMUI), también se conoce como la utilidad Configuration, tiene una vulnerabilidad de ejecución de comandos remota autenticada en páginas no reveladas. Nota: No se evalúan las versiones de software que han alcanzado End of Software Development (EoSD). • https://support.f5.com/csp/article/K45056101 •