exploitDog

CVE-2023-29240

Опубликовано: 03 мая 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Ссылки

https://my.f5.com/manage/s/article/K000132719
Vendor Advisory
https://my.f5.com/manage/s/article/K000132719
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*

Версия от 8.0.0 (включая) до 8.3.0 (исключая)

EPSS

Процентиль: 27%

0.00094

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-863

CWE-863

Связанные уязвимости

GHSA-vgvm-wwrq-c4xw

CVSS3: 5.4

github

больше 2 лет назад

An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

EPSS

Процентиль: 27%

0.00094

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-863

CWE-863