Vulnerabilities > F5 > Nginx Instance Manager > 2.7.0

DATE CVE VULNERABILITY TITLE RISK
2024-11-06 CVE-2024-10318 Session Fixation vulnerability in F5 products
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time.
network
low complexity
f5 CWE-384
5.4
2024-08-22 CVE-2024-7634 Path Traversal vulnerability in F5 Nginx Agent and Nginx Instance Manager
NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.
network
low complexity
f5 CWE-22
4.9