Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
iq vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-22995
On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development (EoSD) are ...
F5 Big-iq Centralized Management
7.5
CVSSv3
CVE-2021-22997
On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software versions which have reached End of So...
F5 Big-iq Centralized Management
6.1
CVSSv3
CVE-2021-23006
On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
F5 Big-iq Centralized Management
7.2
CVSSv3
CVE-2021-23024
On version 8.0.x prior to 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-iq Centralized Management
9.1
CVSSv3
CVE-2020-5869
In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path malicious users to read / modify confidential data in transit.
F5 Big-iq Centralized Management
4.3
CVSSv3
CVE-2020-5944
In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 has done further review of this vulnerability and has re-classified it as a defe...
F5 Big-iq Centralized Management
5.4
CVSSv3
CVE-2023-29240
An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-iq Centralized Management
4.8
CVSSv3
CVE-2022-23239
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions before 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack.
Netapp Active Iq Unified Manager
6.5
CVSSv3
CVE-2022-23240
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions before 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors.
Netapp Active Iq Unified Manager
7.8
CVSSv3
CVE-2020-8574
Active IQ Unified Manager for Linux versions before 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.
Netapp Active Iq Unified Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »