Page 90 of 477 results (0.033 seconds)

CVSS: 9.0EPSS: 0%CPEs: 140EXPL: 0

F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script. F5 BIG-IP en versiones anteriores a 12.0.0 HF3 permite a usuarios remotos autenticados modificar la configuración de cuenta de usuarios con el rol Resource Administration y obtener privilegios a través de una secuencia de comandos de monitor Extended Application Verification (EAV) externa manipulada. • http://www.securityfocus.com/bid/91532 http://www.securitytracker.com/id/1036131 https://support.f5.com/kb/en-us/solutions/public/k/00/sol00265182.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.9EPSS: 0%CPEs: 73EXPL: 0

The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors. El servicio iControl REST en F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller y PEM 11.5.x en versiones anteriores a 11.5.4, 11.6.x en versiones anteriores a 11.6.1 y 12.x en versiones anteriores a 12.0.0 HF3; BIG-IP DNS 12.x en versiones anteriores a 12.0.0 HF3; BIG-IP GTM 11.5.x en versiones anteriores a 11.5.4 y 11.6.x en versiones anteriores a 11.6.1; BIG-IQ Cloud and Security 4.0.0 hasta la versión 4.5.0; BIG-IQ Device 4.2.0 hasta la versión 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0 y BIG-IQ Cloud and Orchestration 1.0.0 permite a administradores remotos autenticados obtener información sensible a través de vectores no especificados. • http://www.securitytracker.com/id/1036172 https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL alert during the handshake. Servidores virtuales en F5 BIG-IP 11.5.4, cuando perfiles SSL están habilitados, permite a atacantes remotos provocar una denegación de servicio (consumo de recursos y reinicio de Traffic Management Microkernel) a través de una alerta SSL durante el apretón de manos. • http://www.securitytracker.com/id/1036025 https://support.f5.com/kb/en-us/solutions/public/k/48/sol48042976.html • CWE-20: Improper Input Validation •

CVSS: 5.9EPSS: 0%CPEs: 120EXPL: 0

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment. F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller y PEM 11.3.x, 11.4.x en versiones anteriores a 11.4.1 HF10, 11.5.x en versiones anteriores a 11.5.4, 11.6.x en versiones anteriores a 11.6.1 y 12.x en versiones anteriores a 12.0.0 HF1; BIG-IP AAM 11.4.x en versiones anteriores a 11.4.1 HF10, 11.5.x en versiones anteriores a 11.5.4, 11.6.x en versiones anteriores a 11.6.1 y 12.x en versiones anteriores a 12.0.0 HF1; BIG-IP DNS 12.x en versiones anteriores a 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator y WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x en versiones anteriores a 11.4.1 HF10, 11.5.x en versiones anteriores a 11.5.4 y 11.6.x en versiones anteriores a 11.6.1; BIG-IP PSM 11.3.x y 11.4.x en versiones anteriores a 11.4.1 HF10; Enterprise Manager 3.0.0 hasta la versión 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 hasta la versión 4.5.0; BIG-IQ Device 4.2.0 hasta la versión 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; y BIG-IQ Cloud and Orchestration 1.0.0 en las plataformas 3900, 6900, 8900, 8950, 11000, 11050, PB100 y PB200, cuando las cookies del sofware SYN están configuradas en servidores virtuales, permite a atacantes remotos provocar una denegación de servicio (cuelgue de High-Speed Bridge) a través de un segmento TCP no válido. • http://www.securitytracker.com/id/1035873 http://www.securitytracker.com/id/1035874 https://support.f5.com/kb/en-us/solutions/public/k/35/sol35358312.html • CWE-20: Improper Input Validation •

CVSS: 7.4EPSS: 0%CPEs: 106EXPL: 0

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration. F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Lenk Controller y PEM 11.3.x, 11.4.x en versiones anteriores a 11.4.1 build 685-HF10, 11.5.1 en versiones anteriores a build 10.104.180, 11.5.2 en versiones anteriores a 11.5.4 build 0.1.256, 11.6.0 en versiones anteriores a build 6.204.442 y 12.0.0 en versiones anteriores a build 1.14.628; BIG-IP AAM 11.4.x en versiones anteriores a 11.4.1 build 685-HF10, 11.5.1 en versiones anteriores a build 10.104.180, 11.5.2 en versiones anteriores a 11.5.4 build 0.1.256, 11.6.0 en versiones anteriores a build 6.204.442 y 12.0.0 en versiones anteriores a build 1.14.628; BIG-IP DNS 12.0.0 en versiones anteriores a build 1.14.628; BIG-IP Edge Gateway, WebAccelerator y WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x en versiones anteriores a 11.4.1 build 685-HF10, 11.5.1 en versiones anteriores a build 10.104.180, 11.5.2 en versiones anteriores a 11.5.4 build 0.1.256 y 11.6.0 en versiones anteriores a build 6.204.442; BIG-IP PSM 11.3.x y 11.4.x en versiones anteriores a 11.4.1 build 685-HF10; BIG-IQ Cloud, Device y Security 4.2.0 hasta la versión 4.5.0 y BIG-IQ ADC 4.5.0 no regenera correctamente certificados y claves cuando despliega imágenes en la nube en Amazon Web Services (AWS), Azure o entornos de servicios en al nube de Verizon, lo que permite a atacantes obtener información sensible o provocar una denegación de servicio (interrupción) aprovechando una configuración de instancia de objetivo. • http://www.securitytracker.com/id/1035520 https://support.f5.com/kb/en-us/solutions/public/k/11/sol11772107.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •