exploitDog

GHSA-6944-qqg6-vmm7

Опубликовано: 10 окт. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 7.2

Описание

When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Ссылки

EPSS

Процентиль: 62%

0.00428

Низкий

7.2 High

CVSS3

CVE ID

Дефекты

CWE-613

Связанные уязвимости

CVE-2023-42768

CVSS3: 7.2

nvd

больше 2 лет назад

When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

EPSS

Процентиль: 62%

0.00428

Низкий

7.2 High

CVSS3

CVE ID

Дефекты

CWE-613