Vulnerabilities > F5 > BIG IP Global Traffic Manager > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-14 | CVE-2024-41723 | Unspecified vulnerability in F5 products Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 4.3 |
2023-10-10 | CVE-2023-41964 | Unspecified vulnerability in F5 products The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 6.5 |
2023-08-02 | CVE-2023-38138 | Unspecified vulnerability in F5 products A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 6.1 |
2023-08-02 | CVE-2023-38423 | Unspecified vulnerability in F5 products A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.4 |
2023-08-02 | CVE-2023-3470 | Improper Authentication vulnerability in F5 products Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. | 6.1 |
2023-05-03 | CVE-2023-24594 | Resource Exhaustion vulnerability in F5 products When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.3 |
2023-05-03 | CVE-2023-27378 | Unspecified vulnerability in F5 products Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 6.1 |
2023-05-03 | CVE-2023-28406 | Unspecified vulnerability in F5 products A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. | 4.3 |
2022-10-19 | CVE-2022-41694 | Unspecified vulnerability in F5 products In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate. | 4.9 |
2022-10-19 | CVE-2022-41770 | Resource Exhaustion vulnerability in F5 products In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests. | 6.5 |