Known Vulnerabilities for Big-ip Analytics by F5

Listed below are 10 of the newest known vulnerabilities associated with the software "Big-ip Analytics" by "F5".

These CVEs are retrieved based on exact matches on listed software and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed, based on information from known CPEs.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
| --- | --- | --- | --- | --- |
| CVE-2022-33911 | An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for ... | Not Provided | 2022-07-12 | 2022-07-12 |
| CVE-2022-33173 | An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrad... | Not Provided | 2022-07-12 | 2022-07-12 |
| CVE-2022-31500 | In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. | Not Provided | 2022-06-02 | 2022-06-02 |
| CVE-2022-29548 | A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0... | Not Provided | 2022-04-21 | 2022-06-27 |
| CVE-2022-29174 | countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a mal... | 8.1 - HIGH | 2022-05-17 | 2022-05-17 |
| CVE-2022-24848 | DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection securit... | 8.8 - HIGH | 2022-06-01 | 2022-06-01 |
| CVE-2022-23022 | On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is configured on a virtual server, undisclosed requests can caus... | 7.5 - HIGH | 2022-01-25 | 2022-02-01 |
| CVE-2022-23021 | On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclo... | 7.5 - HIGH | 2022-01-25 | 2022-02-01 |
| CVE-2022-23020 | On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' setting is enabled on the Request Logging profile and con... | 7.5 - HIGH | 2022-01-25 | 2022-02-01 |
| CVE-2022-23019 | On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x... | 7.5 - HIGH | 2022-01-25 | 2022-02-01 |

Known Affected Configurations (CPE V2.3)

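| Type | Vendor | Product | Version | Update | Edition | Language |
| --- | --- | --- | --- | --- | --- | --- |
| Application | F5 | Big-ip Analytics | 16.0.1.1 | All | All | All |
| Application | F5 | Big-ip Analytics | 16.0.1 | All | All | All |
| Application | F5 | Big-ip Analytics | 16.0.0 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.1.2 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.1.1 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.1.0.5 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.1.0.4 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.1.0.3 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.1.0.2 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.1.0.1 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.1.0 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.1.4 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.1.3 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.1.2 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.1.1 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.1.0.48.11 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.1.0.33.11 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.1 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Analytics | 14.1.3.1 | All | All | All |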

Popular searches for Big-ip Analytics

TMUI RCE vulnerability CVE-2020-5902

support.f5.com/csp/article/K52145254

TMUI RCE vulnerability CVE-2020-5902. Product: BIG-IP, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP FPS, BIG-IP GTM, BIG-IP Link Controller, BIG-IP LTM, BIG-IP PEM. Product: F5 App Protect, F5 DDoS Hybrid Defender, F5 SSL Orchestrator. The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the Configuration utility, through the BIG-IP Ps, to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code.


BIG-IP SSL vulnerability CVE-2017-6168

support.f5.com/csp/article/K21905460

BIG-IP SSL vulnerability CVE-2017-6168. Product: BIG-IP, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP GTM, BIG-IP Link Controller, BIG-IP LTM, BIG-IP M. HF3 a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack. Exploiting this vulnerability to perform plaintext recovery of encrypted messages will, in most practical cases, allow an attacker to read the plaintext only after the session has completed. Only TLS sessions established using RSA key exchange are vulnerable to this attack.


© CVE.report 2022