Vulnerabilities > F5 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-06 | CVE-2024-10318 | Session Fixation vulnerability in F5 products A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. | 5.4 |
| 2024-08-14 | CVE-2024-37028 | Improper Authentication vulnerability in F5 Big-Ip Next Central Manager BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.3 |
| 2024-08-14 | CVE-2024-41719 | Information Exposure Through Log Files vulnerability in F5 Big-Ip Next Central Manager When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.5 |
| 2024-08-14 | CVE-2024-41723 | Unspecified vulnerability in F5 products Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 4.3 |
| 2024-08-14 | CVE-2024-7347 | Out-of-bounds Read vulnerability in F5 Nginx Open Source and Nginx Plus NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. | 4.7 |
| 2023-10-10 | CVE-2023-39447 | Information Exposure Through Log Files vulnerability in F5 products When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 4.4 |
| 2023-10-10 | CVE-2023-41253 | Information Exposure Through Log Files vulnerability in F5 Big-Ip Domain Name System When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.5 |
| 2023-10-10 | CVE-2023-41964 | Cleartext Storage of Sensitive Information vulnerability in F5 products The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 6.5 |
| 2023-10-10 | CVE-2023-43485 | Information Exposure Through Log Files vulnerability in F5 products When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.5 |
| 2023-10-10 | CVE-2023-45219 | Unspecified vulnerability in F5 products Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 4.4 |