F5: Security Vulnerabilities
When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
5.3
EPSS Score
0.006
Published
2023-05-03
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-05-03
A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
4.3
EPSS Score
0.012
Published
2023-05-03
NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.1
EPSS Score
0.005
Published
2023-05-03
In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
5.9
EPSS Score
0.002
Published
2023-05-03
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.
CVSS Score
7.5
EPSS Score
0.007
Published
2023-04-09
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.
CVSS Score
7.5
EPSS Score
0.007
Published
2023-04-09
Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.
CVSS Score
7.5
EPSS Score
0.007
Published
2023-04-09
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.
CVSS Score
7.5
EPSS Score
0.007
Published
2023-04-09
Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.
CVSS Score
9.8
EPSS Score
0.013
Published
2023-04-04