BIG-IP Traffic Management User Interface Vulnerability

Free Trial

BIG-IP Traffic Management User Interface Vulnerability

Overview :

Multiple vulnerabilities reported in BIG-IP Traffic Management User Interface

Affected Product(s) :

BIG-IP versions 16.0.0 – 16.0.0.1
BIG-IP versions 15.0.0 – 15.1.0
BIG-IP versions 14.1.0 – 14.1.2
BIG-IP versions 13.1.0 – 13.1.3
BIG-IP versions 12.1.0 – 12.1.5
BIG-IP versions 11.6.1 – 11.6.5

Vulnerability Details :

CVE ID :

CVE-2020-5948

On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.

CVE ID :

CVE-2020-5949

On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break.

Solution :

This vulnerability is currently rectified in latest versions.

Contact us to get started

CVE-2023-3065 : MOBATIME AMXGT100 UP TO 1.3.20 IMPROPER AUTHENTICATION

Description Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20.

Learn more

CVE-2023-2781 : USER EMAIL VERIFICATION FOR WOOCOMMERCE PLUGIN UP TO 3.5.0 ON WORDPRESS IMPROPER AUTHENTICATION

Description The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up

Learn more

CVE-2023-33965 : BROOK PRIOR 20230606 TPROXY SERVER OS COMMAND INJECTION

Description Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker

Learn more