Page 3 of 33 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 76EXPL: 0

When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K20145107 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 4.3EPSS: 0%CPEs: 95EXPL: 0

A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000132768 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 95EXPL: 0

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000132726 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 58EXPL: 0

When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000133132 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 3.7EPSS: 0%CPEs: 76EXPL: 0

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied. En plataformas de hardware específicas, En BIG-IP versiones 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.7, 14.1.x anteriores a 14.1.5.1 y todas las versiones de la 13.1.x, mientras es usado Intel QAT (QuickAssist Technology) y el cifrado AES-GCM/CCM, las condiciones no reveladas pueden causar que BIG-IP envíe datos sin cifrar incluso con un perfil SSL aplicado • https://support.f5.com/csp/article/K31523465 • CWE-319: Cleartext Transmission of Sensitive Information •