CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24966 – F5OS vulnerability
https://notcve.org/view.php?id=CVE-2024-24966
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Cuando se configura la autenticación remota LDAP en F5OS, un usuario remoto sin una función asignada será autorizado incorrectamente. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000133111 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23607 – F5OS QKView utility vulnerability
https://notcve.org/view.php?id=CVE-2024-23607
A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de directory traversal en la utilidad F5OS QKView que permite a un atacante autenticado leer archivos fuera del directorio QKView. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000132800 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36494 – F5OS-A vulnerability
https://notcve.org/view.php?id=CVE-2023-36494
Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Los registros de auditoría de F5OS-A pueden contener información confidencial no revelada. Nota: No se evalúan las versiones de software que han alcanzado el fin del soporte técnico (EoTS). • https://my.f5.com/manage/s/article/K000134922 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22657 – F5OS vulnerability
https://notcve.org/view.php?id=CVE-2023-22657
On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K06345931 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41835 – F5OS vulnerability CVE-2022-41835
https://notcve.org/view.php?id=CVE-2022-41835
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller. En F5OS-A versiones 1.x y anteriores a 1.1.0 y en versión 1.x de F5OS-C anteriores a 1.5.0, un exceso de permisos de archivos en F5OS permite a un atacante local autenticado ejecutar un conjunto limitado de comandos en un contenedor y afectar al controlador de F5OS • https://support.f5.com/csp/article/K33484483 • CWE-269: Improper Privilege Management •