Vulnerabilities > F5 > Nginx Instance Manager > 2.6.0

DATE CVE VULNERABILITY TITLE RISK
2024-11-06 CVE-2024-10318 Session Fixation vulnerability in F5 products
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time.
network
low complexity
f5 CWE-384
5.4
2024-08-22 CVE-2024-7634 Path Traversal vulnerability in F5 Nginx Agent and Nginx Instance Manager
NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.
network
low complexity
f5 CWE-22
4.9
2023-05-03 CVE-2023-28724 Incorrect Default Permissions vulnerability in F5 products
NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
local
low complexity
f5 CWE-276
7.1