Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 big-iq centralized management vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-23006
On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
F5 Big-iq Centralized Management
5
CVSSv2
CVE-2021-22997
On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software versions which have reached End of So...
F5 Big-iq Centralized Management
2.1
CVSSv2
CVE-2017-6152
A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password.
F5 Big-iq Centralized Management
3.5
CVSSv2
CVE-2019-6653
There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles.
F5 Big-iq Centralized Management
NA
CVE-2023-29240
An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-iq Centralized Management
9
CVSSv2
CVE-2022-23009
On BIG-IQ Centralized Management 8.x prior to 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: Software versions which have reached End of Technical Support (EoTS) are not e...
F5 Big-iq Centralized Management 8.0.0
NA
CVE-2022-34844
In BIG-IP Versions 16.1.x prior to 16.1.3.1 and 15.1.x prior to 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can ca...
F5 Big-iq Centralized Management 7.0.0
F5 Big-iq Centralized Management 8.0.0
F5 Big-iq Centralized Management 7.1.0
F5 Big-iq Centralized Management 8.1.0
F5 Big-iq Centralized Management 8.2.0
F5 Big-ip Analytics
F5 Big-ip Link Controller
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
2.1
CVSSv2
CVE-2018-5540
On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges ...
F5 Big-ip Domain Name System
F5 Big-ip Global Traffic Manager
F5 Enterprise Manager 3.1.1
F5 Big-iq Centralized Management
F5 Big-iq Cloud And Orchestration 1.0.0
F5 F5 Iworkflow
4.8
CVSSv2
CVE-2020-5923
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses.
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-iq Centralized Management 5.4.0
F5 Big-iq Centralized Management
F5 Big-iq Centralized Management 7.0.0
NA
CVE-2022-35728
In BIG-IP Versions 17.0.x prior to 17.0.0.1, 16.1.x prior to 16.1.3.1, 15.1.x prior to 15.1.6.1, 14.1.x prior to 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x prior to 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid ...
F5 Big-iq Centralized Management 7.0.0
F5 Big-iq Centralized Management 8.0.0
F5 Big-ip Advanced Firewall Manager 17.0.0
F5 Big-ip Access Policy Manager 17.0.0
F5 Big-ip Analytics 17.0.0
F5 Big-ip Application Security Manager 17.0.0
F5 Big-ip Application Acceleration Manager 17.0.0
F5 Big-ip Policy Enforcement Manager 17.0.0
F5 Big-ip Local Traffic Manager 17.0.0
F5 Big-ip Analytics
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Link Controller 17.0.0
F5 Big-ip Global Traffic Manager 17.0.0
F5 Big-ip Fraud Protection Service 17.0.0
F5 Big-ip Domain Name System 17.0.0
F5 Big-iq Centralized Management 8.1.0
F5 Big-iq Centralized Management 7.1.0
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Acceleration Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »