Vulnerabilities > F5 > BIG IP Guided Configuration

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-39447 Information Exposure Through Log Files vulnerability in F5 products
When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
local
low complexity
f5 CWE-532
4.4
4.4
2022-05-05 CVE-2022-25946 Improper Validation of Integrity Check Value vulnerability in F5 products
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration.
network
f5 CWE-354
4.9
4.9
2022-05-05 CVE-2022-27230 Cross-site Scripting vulnerability in F5 products
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logged-in user.
network
f5 CWE-79
4.3
4.3
2022-05-05 CVE-2022-27806 Command Injection vulnerability in F5 products
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration.
network
f5 CWE-77
6.0
6.0
2022-05-05 CVE-2022-27878 Cross-site Scripting vulnerability in F5 products
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user.
network
f5 CWE-79
6.0
6.0
2021-09-14 CVE-2021-23046 Information Exposure Through Log Files vulnerability in F5 Big-Ip Access Policy Manager
On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs.
network
f5 CWE-532
3.5
3.5