Page 9 of 51 results (0.003 seconds)

CVSS: 8.2EPSS: 0%CPEs: 56EXPL: 0

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash commands on BIG-IP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP las versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.3, 14.1.x anteriores a 14.1.4 y versiones 13.1.x anteriores a 13.1.4, falta de validación de entrada para los elementos utilizados en la funcionalidad de soporte del sistema puede permitir que los usuarios a los que se les otorguen roles de "Resource Administrator" o "Administrator" ejecutar comandos bash arbitrarios en BIG-IP. Nota: No se evalúan las versiones de software que hayan alcanzado el End of Technical Support (EoTS) • https://support.f5.com/csp/article/K04234247 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 70EXPL: 0

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic under certain conditions. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.3, versiones 14.1.x anteriores a 14.1.4, versiones 13.1.x anteriores a 13.1.3.6 y versiones 12.1.x anteriores a 12.1.5.3, el Traffic Management Microkernel (TMM), puede dejar de responder al procesar el tráfico Stream Control Transmission Protocol (SCTP) bajo determinadas condiciones. Esta vulnerabilidad afecta a TMM por medio de un servidor virtual configurado con un perfil SCTP. • https://support.f5.com/csp/article/K04234247 https://support.f5.com/csp/article/K05300051 •

CVSS: 7.5EPSS: 0%CPEs: 84EXPL: 0

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, when the BIG-IP system is buffering packet fragments for reassembly, the Traffic Management Microkernel (TMM) may consume an excessive amount of resources, eventually leading to a restart and failover event. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En las versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.3, versiones 14.1.x anteriores a 14.1.4, versiones 13.1.x anteriores a 13.1.4, versiones 12.1.x anteriores a 12.1.6 y versiones 11.6.x anteriores a 11.6.5.3, cuando el sistema BIG-IP está almacenando fragmentos de paquetes en búfer para volver a ensamblarlos, el Traffic Management Microkernel (TMM) puede consumir una cantidad excesiva de recursos, conllevando eventualmente a un evento de reinicio y conmutación por error. Nota: Las versiones de Software que hayan alcanzado End of Technical Support (EoTS) no son evaluadas • https://support.f5.com/csp/article/K10751325 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0

On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.0-16.0.1 y 14.1.2.4-14.1.3, una cooperación entre el código de cliente HTTP malicioso y un servidor malicioso puede hacer a TMM reinicie y genere un archivo core. Nota: No son evaluadas las versiones de software que han alcanzado End of Software Development (EoSD) • https://support.f5.com/csp/article/K14693346 •

CVSS: 8.3EPSS: 0%CPEs: 84EXPL: 0

On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1, versiones 15.1.x anteriores a 15.1.1, versiones 14.1.x anteriores a 14.1.3.1, versiones 13.1.x anteriores a 13.1.3.5 y todas las versiones 12.1.xy 11.6.x, endpoints no divulgados en iControl REST permiten un ataque de tipo XSS reflejado, lo que podría conllevar a un compromiso completo de BIG-IP si el usuario víctima se otorgaba el rol de administrador. Nota: No son evaluadas las versiones de software que han alcanzado End of Software Development (EoSD) • https://support.f5.com/csp/article/K87502622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •