Vulnerabilities > F5 > Nginx Controller > 3.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-01 | CVE-2021-23019 | Insufficiently Protected Credentials vulnerability in F5 Nginx Controller The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package. | 6.9 |
| 2021-06-01 | CVE-2021-23020 | Use of Insufficiently Random Values vulnerability in F5 Nginx Controller The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys. | 2.1 |
| 2021-06-01 | CVE-2021-23021 | Incorrect Permission Assignment for Critical Resource vulnerability in F5 Nginx Controller The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644. | 2.1 |
| 2020-12-11 | CVE-2020-27730 | Path Traversal vulnerability in multiple products In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities. | 7.5 |