F5 BIG-IP Policy Enforcement Manager 17.1.0.1

CPE Details

F5 BIG-IP Policy Enforcement Manager 17.1.0.1
f5
big-ip_policy_enforcement_manager
17.1.0.1
2023-05-09
14h35 +00:00
2023-05-12
13h38 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0.1:*:*:*:*:*:*:*

Informations

Vendor

f5

Product

big-ip_policy_enforcement_manager

Version

17.1.0.1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-23982 2024-02-14 16h35 +00:00 When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files.  NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated
7.5
Haute
CVE-2023-46748 2023-10-26 20h05 +00:00 An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
8.8
Haute
CVE-2023-46747 2023-10-26 20h04 +00:00 Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
9.8
Critique
CVE-2023-41373 2023-10-10 12h33 +00:00 A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
9.9
Critique
CVE-2023-38423 2023-08-02 15h55 +00:00 A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
5.4
Moyen
CVE-2023-38419 2023-08-02 15h55 +00:00 An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
4.3
Moyen
CVE-2023-38138 2023-08-02 15h55 +00:00 A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
7.5
Haute