CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 0CVE-2023-43125 – BIG-IP APM Clients TunnelCrack vulnerability
https://notcve.org/view.php?id=CVE-2023-43125
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Los clientes BIG-IP APM pueden enviar tráfico IP fuera del túnel VPN. Nota: Las versiones de software que han llegado al Final del Soporte Técnico (EoTS) no se evalúan • https://my.f5.com/manage/s/article/K000136909 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-43124 – BIG-IP APM Clients TunnelCrack vulnerability
https://notcve.org/view.php?id=CVE-2023-43124
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Los clientes BIG-IP APM pueden enviar tráfico IP fuera del túnel VPN. Nota: Las versiones de software que han llegado al Final del Soporte Técnico (EoTS) no se evalúan • https://my.f5.com/manage/s/article/K000136907 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 95EXPL: 0CVE-2023-38423 – BIG-IP Configuration utility vulnerability
https://notcve.org/view.php?id=CVE-2023-38423
A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de Cross-Site Scripting (XSS) en una página no revelada de la utilidad de configuración de BIG-IP que permite a un atacante ejecutar JavaScript en el contexto del usuario actualmente conectado. Nota: No se evalúan las versiones de software que han alcanzado el fin de soporte técnico (EoTS). • https://my.f5.com/manage/s/article/K000134535 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 96EXPL: 0CVE-2023-38419 – BIG-IP and BIG-IQ iControl SOAP vulnerability
https://notcve.org/view.php?id=CVE-2023-38419
An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Un atacante autenticado con privilegios de invitado o superior puede provocar la finalización del proceso iControl SOAP mediante el envío de solicitudes no reveladas. Nota: No se evalúan las versiones de software que han alcanzado el fin del soporte técnico (EoTS). • https://my.f5.com/manage/s/article/K000133472 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-38418 – BIG-IP Edge Client for macOS vulnerability
https://notcve.org/view.php?id=CVE-2023-38418
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. El instalador del cliente BIG-IP Edge en macOS no sigue las prácticas recomendadas para elevar privilegios durante el proceso de instalación. Nota: No se evalúan las versiones de software que han alcanzado el fin del soporte técnico (EoTS). • https://my.f5.com/manage/s/article/K000134746 • CWE-347: Improper Verification of Cryptographic Signature •