ConfigSync vulnerability in F5

Velbert Overview :
F5 BIG-IP and Enterprise Manager may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.
http://schottremovals.co.uk/xizersnn.php?Fox=d3wL7 Affected Product(s) :
  • F5 BIG-IP 15.0.0
  • F5 BIG-IP 14.1.0-14.1.0.6
  • F5 BIG-IP 14.0.0-14.0.0.5
  • F5 BIG-IP 13.0.0-13.1.1.5
  • F5 BIG-IP 12.1.0-12.1.4.1
  • F5 BIG-IP 11.6.0-11.6.4
  • F5 BIG-IP 11.5.1-11.5.9
  • Enterprise Manager 3.1.1
Vulnerability Details :
CVE ID : CVE-2019-6649
F5 BIG-IP and Enterprise Manager may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. (CVE-2019-6649)

Solution : F5 recommends upgrading to a fixed software version to fully mitigate this vulnerability.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-4291 : Frauscher Sensortechnik FDS101 For FAdC 1.4.24 Code Injection

CVE-2023-4291 : Frauscher Sensortechnik FDS101 For FAdC 1.4.24 Code Injection

Description Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE)

CVE-2023-2163 : Linux Kernel 5.4 BPF kernel/bpf/verifier.c backtrack_insn calculation

CVE-2023-2163 : Linux Kernel 5.4 BPF kernel/bpf/verifier.c backtrack_insn calculation

Description Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe,

CVE-2023-42454 : SQLpage Up To 0.11.0 Database Connection String sqlpage/sqlpage.json Information Disclosure

CVE-2023-42454 : SQLpage Up To 0.11.0 Database Connection String sqlpage/sqlpage.json Information Disclosure

Description SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly,