Vulnerabilities > F5 > Nginx API Connectivity Manager > 1.4.1

DATE CVE VULNERABILITY TITLE RISK
2024-11-06 CVE-2024-10318 Session Fixation vulnerability in F5 products
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time.
network
low complexity
f5 CWE-384
5.4
2023-05-03 CVE-2023-28724 Incorrect Default Permissions vulnerability in F5 products
NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
local
low complexity
f5 CWE-276
7.1