17 results (0.006 seconds)

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000139938 • CWE-645: Overly Restrictive Account Lockout Mechanism •

CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0

The Central Manager user session refresh token does not expire when a user logs out.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated • https://my.f5.com/manage/s/article/K000140111 • CWE-613: Insufficient Session Expiration •

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0

When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000140006 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0

When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000138477 • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Existe una vulnerabilidad de inyección SQL en la API (URI) de BIG-IP Next Central Manager. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan • https://github.com/passwa11/CVE-2024-26026 https://github.com/GRTMALDET/Big-IP-Next-CVE-2024-26026 https://my.f5.com/manage/s/article/K000138733 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •