Vulnerabilities > F5 > Nginx Controller > 3.9.0

DATE CVE VULNERABILITY TITLE RISK
2021-06-01 CVE-2021-23019 Insufficiently Protected Credentials vulnerability in F5 Nginx Controller
The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.
local
low complexity
f5 CWE-522
7.8
7.8
2021-06-01 CVE-2021-23020 Use of Insufficiently Random Values vulnerability in F5 Nginx Controller
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.
local
low complexity
f5 CWE-330
5.5
5.5
2020-12-11 CVE-2020-27730 Path Traversal vulnerability in multiple products
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.
network
low complexity
f5 netapp CWE-22
critical
 9.8
9.8