Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
big-iq centralized management vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2017-6152
A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password.
F5 Big-iq Centralized Management
3.5
CVSSv2
CVE-2019-6653
There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles.
F5 Big-iq Centralized Management
NA
CVE-2023-29240
An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-iq Centralized Management
4.8
CVSSv2
CVE-2020-5870
In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer.
F5 Big-iq Centralized Management
9
CVSSv2
CVE-2022-23009
On BIG-IQ Centralized Management 8.x prior to 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: Software versions which have reached End of Technical Support (EoTS) are not e...
F5 Big-iq Centralized Management 8.0.0
7.5
CVSSv2
CVE-2019-6665
On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise...
F5 Big-ip Application Security Manager
F5 Big-iq Centralized Management
F5 Big-iq Centralized Management 6.0.0
F5 Enterprise Manager 3.1.1
F5 Iworkflow 2.3.0
NA
CVE-2022-34844
In BIG-IP Versions 16.1.x prior to 16.1.3.1 and 15.1.x prior to 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can ca...
F5 Big-iq Centralized Management 7.0.0
F5 Big-iq Centralized Management 8.0.0
F5 Big-iq Centralized Management 7.1.0
F5 Big-iq Centralized Management 8.1.0
F5 Big-iq Centralized Management 8.2.0
F5 Big-ip Analytics
F5 Big-ip Link Controller
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
2.1
CVSSv2
CVE-2018-5540
On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges ...
F5 Big-ip Domain Name System
F5 Big-ip Global Traffic Manager
F5 Enterprise Manager 3.1.1
F5 Big-iq Centralized Management
F5 Big-iq Cloud And Orchestration 1.0.0
F5 F5 Iworkflow
4.8
CVSSv2
CVE-2020-5923
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses.
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-iq Centralized Management 5.4.0
F5 Big-iq Centralized Management
F5 Big-iq Centralized Management 7.0.0
NA
CVE-2022-35728
In BIG-IP Versions 17.0.x prior to 17.0.0.1, 16.1.x prior to 16.1.3.1, 15.1.x prior to 15.1.6.1, 14.1.x prior to 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x prior to 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid ...
F5 Big-iq Centralized Management 7.0.0
F5 Big-iq Centralized Management 8.0.0
F5 Big-ip Advanced Firewall Manager 17.0.0
F5 Big-ip Access Policy Manager 17.0.0
F5 Big-ip Analytics 17.0.0
F5 Big-ip Application Security Manager 17.0.0
F5 Big-ip Application Acceleration Manager 17.0.0
F5 Big-ip Policy Enforcement Manager 17.0.0
F5 Big-ip Local Traffic Manager 17.0.0
F5 Big-ip Analytics
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Link Controller 17.0.0
F5 Big-ip Global Traffic Manager 17.0.0
F5 Big-ip Fraud Protection Service 17.0.0
F5 Big-ip Domain Name System 17.0.0
F5 Big-iq Centralized Management 8.1.0
F5 Big-iq Centralized Management 7.1.0
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Acceleration Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »