CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-41164 – BIG-IP MPTCP vulnerability
https://notcve.org/view.php?id=CVE-2024-41164
When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000138477 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32761 – BIG-IP TMM tenants on VELOS and rSeries vulnerability
https://notcve.org/view.php?id=CVE-2024-32761
Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Bajo ciertas condiciones, puede ocurrir una posible fuga de datos en los micronúcleos de administración de tráfico (TMM) de los inquilinos de BIG-IP que se ejecutan en plataformas VELOS y rSeries. Sin embargo, un atacante no puede aprovechar este problema porque no se puede reproducir de forma consistente y está fuera de su control. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan • https://my.f5.com/manage/s/article/K000139217 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-31156 – BIG-IP Configuration utility XSS vulnerability
https://notcve.org/view.php?id=CVE-2024-31156
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de cross site scripting (XSS) almacenado en una página no divulgada de la utilidad de configuración BIG-IP que permite a un atacante ejecutar JavaScript en el contexto del usuario actualmente conectado. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000138636 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-33604 – BIG-IP Configuration utility XSS vulnerability
https://notcve.org/view.php?id=CVE-2024-33604
A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Existe una vulnerabilidad de cross site scripting (XSS) reflejado en una página no revelada de la utilidad de configuración BIG-IP que permite a un atacante ejecutar JavaScript en el contexto del usuario actualmente conectado. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan • https://my.f5.com/manage/s/article/K000138894 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-28889 – BIG-IP SSL vulnerability
https://notcve.org/view.php?id=CVE-2024-28889
When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Cuando un perfil SSL con tieF5 Networksmpo de espera de alerta se configura con un valor no predeterminado en un servidor virtual, el tráfico no divulgado junto con condiciones fuera del control del atacante pueden hacer que el Microkernel de gestión de tráfico (TMM) finalice. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000138912 • CWE-825: Expired Pointer Dereference •