Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
iControl REST and tmsh vulnerability
Vulnerability Description
In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
关键资源的不正确权限授予
Vulnerability Title
F5 BIG-IP 安全漏洞
Vulnerability Description
F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。 F5 BIG-IP 存在安全漏洞,该漏洞源于dig 命令中存在不正确的权限分配,可能允许具有资源管理员或管理员角色权限的攻击者查看敏感信息,以下产品和版本受到影响:BIG-IP (AFM) 17.0.0、16.1.0 到16.1.3、15.1.0 到 15.1.7、14.1.0 到 14.1.5,BIG-IQ Centralized Management 8.0.0 到 8.2.0、7.1.0版本。
CVSS Information
N/A
Vulnerability Type
N/A