Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://my.f5.com/manage/s/article/K10438187 |
History
Tue, 20 Aug 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
F5
F5 big-ip Access Policy Manager F5 big-ip Advanced Firewall Manager F5 big-ip Advanced Web Application Firewall F5 big-ip Analytics F5 big-ip Application Acceleration Manager F5 big-ip Application Security Manager F5 big-ip Application Visibility And Reporting F5 big-ip Automation Toolchain F5 big-ip Carrier-grade Nat F5 big-ip Container Ingress Services F5 big-ip Ddos Hybrid Defender F5 big-ip Domain Name System F5 big-ip Edge Gateway F5 big-ip Fraud Protection Service F5 big-ip Global Traffic Manager F5 big-ip Link Controller F5 big-ip Local Traffic Manager F5 big-ip Policy Enforcement Manager F5 big-ip Ssl Orchestrator F5 big-ip Webaccelerator F5 big-ip Websafe |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_automation_toolchain:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_container_ingress_services:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_edge_gateway:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:* |
|
Vendors & Products |
F5
F5 big-ip Access Policy Manager F5 big-ip Advanced Firewall Manager F5 big-ip Advanced Web Application Firewall F5 big-ip Analytics F5 big-ip Application Acceleration Manager F5 big-ip Application Security Manager F5 big-ip Application Visibility And Reporting F5 big-ip Automation Toolchain F5 big-ip Carrier-grade Nat F5 big-ip Container Ingress Services F5 big-ip Ddos Hybrid Defender F5 big-ip Domain Name System F5 big-ip Edge Gateway F5 big-ip Fraud Protection Service F5 big-ip Global Traffic Manager F5 big-ip Link Controller F5 big-ip Local Traffic Manager F5 big-ip Policy Enforcement Manager F5 big-ip Ssl Orchestrator F5 big-ip Webaccelerator F5 big-ip Websafe |
Fri, 16 Aug 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 14 Aug 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |
Title | BIG-IP iControl REST vulnerability | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: f5
Published: 2024-08-14T14:32:30.852Z
Updated: 2024-08-16T19:06:02.769Z
Reserved: 2024-07-22T19:43:52.804Z
Link: CVE-2024-41723
Vulnrichment
Updated: 2024-08-16T19:05:53.069Z
NVD
Status : Analyzed
Published: 2024-08-14T15:15:27.593
Modified: 2024-08-20T19:26:24.033
Link: CVE-2024-41723
Redhat
No data.