CVE-2023-36494 – F5OS-A vulnerability
https://notcve.org/view.php?id=CVE-2023-36494
Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000134922 • CWE-532: Insertion of Sensitive Information into Log File
CVE-2023-22657 – F5OS vulnerability
https://notcve.org/view.php?id=CVE-2023-22657
On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K06345931 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-41835 – F5OS vulnerability
https://notcve.org/view.php?id=CVE-2022-41835
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allow an authenticated local attacker to execute a limited set of commands in a container and impact the F5OS controller. • https://support.f5.com/csp/article/K33484483 • CWE-269: Improper Privilege Management
CVE-2022-41780 – F5OS CLI vulnerability
https://notcve.org/view.php?id=CVE-2022-41780
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files. • https://support.f5.com/csp/article/K81701735 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-25990
https://notcve.org/view.php?id=CVE-2022-25990
On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://support.f5.com/csp/article/K44233515 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor