F5 BIG-IP Local Traffic Manager (LTM) 17.0.0.2

CPE Details

F5 BIG-IP Local Traffic Manager (LTM) 17.0.0.2
17.0.0.2
2023-02-08
15h58 +00:00
2023-02-16
15h12 +00:00

CPE Name: cpe:2.3:a:f5:big-ip_local_traffic_manager:17.0.0.2:*:*:*:*:*:*:*

Information

Vendor

f5

Product

big-ip_local_traffic_manager

Version

17.0.0.2

Related CVE


| CVE ID | Published | Description | Score | Severity |
| --- | --- | --- | --- | --- |
| CVE-2023-38423 | 2023-08-02 15h55 +00:00 | A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.4 | Medium |
| CVE-2023-38419 | 2023-08-02 15h55 +00:00 | An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 4.3 | Medium |
| CVE-2023-38138 | 2023-08-02 15h55 +00:00 | A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 | High |
| CVE-2023-28406 | 2023-05-03 14h34 +00:00 | A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 4.3 | Medium |
| CVE-2023-27378 | 2023-05-03 14h33 +00:00 | Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 | High |
| CVE-2002-20001 | 2021-11-11 00h00 +00:00 | The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. | 7.5 | High |
| CVE-2012-1493 | 2012-07-09 22h00 +00:00 | F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. | 7.8 | |