CVE-2024-21793

CWE-89SQL InjectionCWE-200Information Exposure7 documents7 sources
Severity
7.5HIGH
EPSS
87.1%
top 0.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
F5 Big-ip Next Central Manager
Timeline
PublishedMay 8
Latest updateSep 25

Description

An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5f5/big-ip_next_central_manager20.0.120.2.0
NVDf5/big-ip_next_central_manager20.0.120.2.0

🔴Vulnerability Details

2
GHSA
GHSA-w9q2-p57h-r357: An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI)2024-05-08
CVEList
BIG-IP Central Manager OData Injection Vulnerability2024-05-08

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS F5 BIG-IP Next Central Manager OData Injection (CVE-2024-21793)2024-09-25

📋Vendor Advisories

1
F5
CVE-2024-21793: An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI)2024-05-08
CVE-2024-21793 (HIGH CVSS 7.5) | An OData injection vulnerability ex | cvebase.io