exploitDog

GHSA-mrph-rvc3-cv97

Опубликовано: 06 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Ссылки

EPSS

Процентиль: 100%

0.94456

Критический

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-306

Связанные уязвимости

CVE-2022-1388

CVSS3: 9.8

nvd

почти 4 года назад

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

BDU:2022-02849

CVSS3: 9.8

fstec

почти 4 года назад

Уязвимость интерфейса iControl REST API средств защиты приложений BIG-IP, позволяющая нарушителю выполнять произвольные команды, изменять или удалять файлы

EPSS

Процентиль: 100%

0.94456

Критический

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-306