CPE-11D3D9AB-7F09-42D3-8378-AC77B5F284E6 Détail

CPE Details

F5 NGINX Controller 2.7.0

Vendor

Product

nginx_controller

Version

2.7.0

Created

2020-03-30
11h48 +00:00

Modifié

2020-03-30
11h48 +00:00

Liens officiels

CPE NVD

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Gestion des notifications

Liste des Notifications

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

CPE ID

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

CPE Name: cpe:2.3:a:f5:nginx_controller:2.7.0:::::::*

Informations

Vendor

Product

nginx_controller

Version

2.7.0

Related CVE

Open and find in CVE List

CVE ID	Publié	Description	Score	Gravité
CVE-2021-23019	2021-06-01 10h03 +00:00	The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.	7.8	Haute
CVE-2020-27730	2020-12-11 18h03 +00:00	In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.	9.8	Critique
CVE-2020-5909	2020-07-02 10h26 +00:00	In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.	5.4	Moyen
CVE-2020-5910	2020-07-02 10h25 +00:00	In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.	7.5	Haute
CVE-2020-5911	2020-07-02 10h23 +00:00	In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.	7.3	Haute
CVE-2020-5900	2020-07-01 11h59 +00:00	In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface.	8.8	Haute
CVE-2020-5867	2020-04-23 17h58 +00:00	In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages	8.1	Haute
CVE-2020-5866	2020-04-23 16h37 +00:00	In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.	5.5	Moyen
CVE-2020-5864	2020-04-23 16h32 +00:00	In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default.	7.4	Haute
CVE-2020-5865	2020-04-23 16h16 +00:00	In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.	4.8	Moyen
CVE-2020-5863	2020-03-27 13h35 +00:00	In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.	8.6	Haute

F5 NGINX Controller 2.7.0

CPE Details

CPE Name: cpe:2.3:a:f5:nginx_controller:2.7.0:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:f5:nginx_controller:2.7.0:::::::*