BIG-IP Next Central Manager
by F5, Inc.
CVEs (9)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-26026 | | 0.07 | — | 0.89 | | May 8, 2024 | An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2024-21793 | | 0.07 | — | 0.87 | | May 8, 2024 | An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2025-23413 | | 0.00 | — | 0.00 | | Feb 5, 2025 | When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2025-24319 | | 0.00 | — | 0.01 | | Feb 5, 2025 | When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2024-37028 | | 0.00 | — | 0.00 | | Aug 14, 2024 | BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2024-39809 | | 0.00 | — | 0.01 | | Aug 14, 2024 | The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2024-41719 | | 0.00 | — | 0.00 | | Aug 14, 2024 | When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2024-33612 | | 0.00 | — | 0.00 | | May 8, 2024 | An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2024-32049 | | 0.00 | — | 0.00 | | May 8, 2024 | BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |