Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
big-iq centralized management vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2020-5868
In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface.
F5 Big-iq Centralized Management
F5 Big-iq Centralized Management 7.0.0
445
VMScore
CVE-2021-22995
On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development (EoSD) are ...
F5 Big-iq Centralized Management
445
VMScore
CVE-2021-22996
On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a BIG-IQ Data Collection Device (DCD) cluster member that receives an undisclosed message may cause the corosync process to abort. This behavior may lead to a denial-of-service (DoS) and impact the stability of ...
F5 Big-iq Centralized Management
445
VMScore
CVE-2021-22997
On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software versions which have reached End of So...
F5 Big-iq Centralized Management
570
VMScore
CVE-2021-23005
On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availability (HA) for automatic failover, BIG-IQ does not make use of Transport Layer Security (TLS) with the Corosync protocol. Note: Software versions which have reached End of Software Dev...
F5 Big-iq Centralized Management
383
VMScore
CVE-2021-23006
On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
F5 Big-iq Centralized Management
801
VMScore
CVE-2021-23024
On version 8.0.x prior to 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-iq Centralized Management
570
VMScore
CVE-2020-5869
In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path malicious users to read / modify confidential data in transit.
F5 Big-iq Centralized Management
427
VMScore
CVE-2020-5870
In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer.
F5 Big-iq Centralized Management
356
VMScore
CVE-2020-5944
In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 has done further review of this vulnerability and has re-classified it as a defe...
F5 Big-iq Centralized Management
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3012
CVE-2024-30200
XXE
CVE-2023-24955
CVE-2023-42931
CVE-2024-29231
remote code execution
cross-site scripting
CVE-2024-0677
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »