Vulnerabilities > F5 > BIG IP Global Traffic Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-14 CVE-2024-41723 Unspecified vulnerability in F5 products
Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5
4.3
2023-10-10 CVE-2023-41964 Cleartext Storage of Sensitive Information vulnerability in F5 products
The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-312
6.5
2023-10-10 CVE-2023-43485 Information Exposure Through Log Files vulnerability in F5 products
When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
local
low complexity
f5 CWE-532
5.5
2023-10-10 CVE-2023-45219 Unspecified vulnerability in F5 products
Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
local
low complexity
f5
4.4
2023-08-02 CVE-2023-38138 Cross-site Scripting vulnerability in F5 products
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-79
6.1
2023-08-02 CVE-2023-38419 Improper Handling of Exceptional Conditions vulnerability in F5 products
An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-755
4.3
2023-08-02 CVE-2023-38423 Cross-site Scripting vulnerability in F5 products
A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-79
5.4
2023-08-02 CVE-2023-3470 Improper Authentication vulnerability in F5 products
Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account.
low complexity
f5 CWE-287
6.1
2023-05-03 CVE-2023-24594 Resource Exhaustion vulnerability in F5 products
When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-400
5.3
2023-05-03 CVE-2023-27378 Cross-site Scripting vulnerability in F5 products
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-79
6.1