CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23413 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2025-23413
05 Feb 2025 — When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000149185 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24319 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2025-24319
05 Feb 2025 — When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000148412 • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37028 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2024-37028
14 Aug 2024 — BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000139938 • CWE-645: Overly Restrictive Account Lockout Mechanism •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39809 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2024-39809
14 Aug 2024 — The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated • https://my.f5.com/manage/s/article/K000140111 • CWE-613: Insufficient Session Expiration •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41719 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2024-41719
14 Aug 2024 — When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000140006 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 89%CPEs: 1EXPL: 2CVE-2024-26026 – BIG-IP Central Manager SQL Injection
https://notcve.org/view.php?id=CVE-2024-26026
08 May 2024 — An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Existe una vulnerabilidad de inyección SQL en la API (URI) de BIG-IP Next Central Manager. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan • https://github.com/passwa11/CVE-2024-26026 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 89%CPEs: 1EXPL: 1CVE-2024-21793 – BIG-IP Central Manager OData Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-21793
08 May 2024 — An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de inyección de OData en la API (URI) del Administrador Central de BIG-IP Next. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://github.com/FeatherStark/CVE-2024-21793 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33612 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2024-33612
08 May 2024 — An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de validación de certificados incorrecta en BIG-IP Next Central Manager y puede permitir que un atacante se haga pasar por un sistema de pr... • https://my.f5.com/manage/s/article/K000139012 • CWE-295: Improper Certificate Validation •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32049 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2024-32049
08 May 2024 — BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP Next Central Manager (CM) puede permitir que un atacante remoto no autenticado obtenga las credenciales de la instancia BIG-IP Next LTM/WAF. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000138634 • CWE-300: Channel Accessible by Non-Endpoint •