F5 BIG-IP Guided Configuration vulnerabilities
6 known vulnerabilities affecting f5/big-ip_guided_configuration.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 5
Vulnerabilities
CVE-2023-39447 | MEDIUM | CVSS 4.4 | ≥ 7.0, ≤ 7.7; v6.0; +1 more | 2023-10-10
CVE-2023-39447 [MEDIUM] CWE-532
When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd
CVE-2022-27806 | HIGH | CVSS 7.2 | fixed in 9.0 | 2022-05-05
CVE-2022-27806 [HIGH] CWE-77
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnera
nvd
CVE-2022-25946 | MEDIUM | CVSS 6.5 | ≤ 9.0 | 2022-05-05
CVE-2022-25946 [HIGH] CWE-354
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check
nvd
CVE-2022-27230 | MEDIUM | CVSS 6.1 | fixed in 9.0 | 2022-05-05
CVE-2022-27230 [HIGH] CWE-79
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logg
nvd
CVE-2022-27878 | MEDIUM | CVSS 6.8 | v6.0, v7.0, +1 more | 2022-05-05
CVE-2022-27878 [MEDIUM] CWE-79
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-
nvd
CVE-2021-23046 | MEDIUM | CVSS 4.9 | fixed in 8.0.0 | 2021-09-14
CVE-2021-23046 [MEDIUM] CWE-532
On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd