exploitDog

GHSA-h24c-cc8x-fq2g

Опубликовано: 05 авг. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Ссылки

EPSS

Процентиль: 71%

0.0068

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-613

Связанные уязвимости

CVE-2022-35728

CVSS3: 8.1

nvd

больше 3 лет назад

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

BDU:2022-04970

CVSS3: 10

fstec

больше 3 лет назад

Уязвимость интерфейса iControl REST API средств защиты приложений BIG-IP, позволяющая нарушителю выполнить произвольные команды, отключить произвольные службы, создавать или удалять произвольные файлы

EPSS

Процентиль: 71%

0.0068

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-613