Known Vulnerabilities for Big-ip Analytics by F5

Listed below are 10 of the newest known vulnerabilities associated with "Big-ip Analytics" by "F5".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed, based on information from known CPEs.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-44749 | A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can re... | Not Provided | 2022-11-24 | 2022-11-24 |
| CVE-2022-43566 | In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privi... | Not Provided | 2022-11-04 | 2022-11-04 |
| CVE-2022-41558 | The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst,... | 9 - CRITICAL | 2022-11-15 | 2022-11-15 |
| CVE-2022-41553 | Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (An... | Not Provided | 2022-11-01 | 2022-11-01 |
| CVE-2022-41552 | Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics,... | Not Provided | 2022-11-01 | 2022-11-01 |
| CVE-2022-40311 | Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress. | 4.8 - MEDIUM | 2022-10-21 | 2022-10-21 |
| CVE-2022-39295 | Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server... | 6.1 - MEDIUM | 2022-10-13 | 2022-10-13 |
| CVE-2022-36773 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processin... | 6.1 - MEDIUM | 2022-09-01 | 2022-10-14 |
| CVE-2022-36771 | IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should no... | 6.1 - MEDIUM | 2022-09-28 | 2022-09-28 |
| CVE-2022-34339 | IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticate... | 6.1 - MEDIUM | 2022-11-03 | 2022-11-04 |

Known Affected Configurations (CPE V2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | F5 | Big-ip Analytics | 16.0.1.1 | All | All | All |
| Application | F5 | Big-ip Analytics | 16.0.1 | All | All | All |
| Application | F5 | Big-ip Analytics | 16.0.0 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.1.2 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.1.1 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.1.0.5 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.1.0.4 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.1.0.3 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.1.0.2 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.1.0.1 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.1.0 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.1.4 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.1.3 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.1.2 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.1.1 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.1.0.48.11 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.1.0.33.11 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.1 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Analytics | 14.1.3.1 | All | All | All |

Popular searches for Big-ip Analytics

TMUI RCE vulnerability CVE-2020-5902

support.f5.com/csp/article/K52145254

Product: BIG-IP, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP FPS, BIG-IP GTM, BIG-IP Link Controller, BIG-IP LTM, BIG-IP PEM. Product: F5 App Protect, F5 DDoS Hybrid Defender, F5 SSL Orchestrator. The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the Configuration utility, through the BIG-IP Ps, to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code.


BIG-IP SSL vulnerability CVE-2017-6168

support.f5.com/csp/article/K21905460

Product: BIG-IP, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP GTM, BIG-IP Link Controller, BIG-IP LTM, BIG-IP M. HF3 a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack. Exploiting this vulnerability to perform plaintext recovery of encrypted messages will, in most practical cases, allow an attacker to read the plaintext only after the session has completed. Only TLS sessions established using RSA key exchange are vulnerable to this attack.


© CVE.report 2022


CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
