Known Vulnerabilities for Big-ip Analytics by F5

Listed below are 10 of the newest known vulnerabilities associated with the software "Big-ip Analytics" by "F5".

These CVEs are retrieved based on exact matches on listed software and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed, based on information from known CPEs.

Known Vulnerabilities

CVE | Shortened Description | Severity | Publish Date | Last Modified
CVE-2021-29853 | IBM Planning Analytics 2.0 could expose information that could be used to create attacks by not validating the return valu... | Not Provided | 2021-09-01 | 2021-09-01
CVE-2021-29852 | IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScri... | Not Provided | 2021-09-01 | 2021-09-01
CVE-2021-29851 | IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in th... | Not Provided | 2021-09-01 | 2021-09-01
CVE-2021-29757 | IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute... | Not Provided | 2021-08-02 | 2021-08-02
CVE-2021-29745 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to privilege escalation where a lower level user could have access to th... | Not Provided | 2021-10-15 | 2021-10-15
CVE-2021-29739 | IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned... | Not Provided | 2021-08-10 | 2021-08-10
CVE-2021-29679 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutrali... | Not Provided | 2021-10-15 | 2021-10-15
CVE-2021-24438 | The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'ga_action' parame... | Not Provided | 2021-08-30 | 2021-08-30
CVE-2021-22988 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x befor... | 8.8 - HIGH | 2021-03-31 | 2021-04-05
CVE-2021-22987 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x befor... | 9.9 - CRITICAL | 2021-03-31 | 2021-04-05

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | F5 | Big-ip Analytics | 16.0.1.1 | All | All | All
Application | F5 | Big-ip Analytics | 16.0.1 | All | All | All
Application | F5 | Big-ip Analytics | 16.0.0 | All | All | All
Application | F5 | Big-ip Analytics | 15.1.2 | All | All | All
Application | F5 | Big-ip Analytics | 15.1.1 | All | All | All
Application | F5 | Big-ip Analytics | 15.1.0.5 | All | All | All
Application | F5 | Big-ip Analytics | 15.1.0.4 | All | All | All
Application | F5 | Big-ip Analytics | 15.1.0.3 | All | All | All
Application | F5 | Big-ip Analytics | 15.1.0.2 | All | All | All
Application | F5 | Big-ip Analytics | 15.1.0.1 | All | All | All
Application | F5 | Big-ip Analytics | 15.1.0 | All | All | All
Application | F5 | Big-ip Analytics | 15.0.1.4 | All | All | All
Application | F5 | Big-ip Analytics | 15.0.1.3 | All | All | All
Application | F5 | Big-ip Analytics | 15.0.1.2 | All | All | All
Application | F5 | Big-ip Analytics | 15.0.1.1 | All | All | All
Application | F5 | Big-ip Analytics | 15.0.1.0.48.11 | All | All | All
Application | F5 | Big-ip Analytics | 15.0.1.0.33.11 | All | All | All
Application | F5 | Big-ip Analytics | 15.0.1 | All | All | All
Application | F5 | Big-ip Analytics | 15.0.0 | All | All | All
Application | F5 | Big-ip Analytics | 14.1.3.1 | All | All | All

Popular searches for Big-ip Analytics

TMUI RCE vulnerability CVE-2020-5902

support.f5.com/csp/article/K52145254

Product: BIG-IP, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP FPS, BIG-IP GTM, BIG-IP Link Controller, BIG-IP LTM, BIG-IP PEM. Product: F5 App Protect, F5 DDoS Hybrid Defender, F5 SSL Orchestrator. The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the Configuration utility, through the BIG-IP Ps, to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code.


BIG-IP SSL vulnerability CVE-2017-6168

support.f5.com/csp/article/K21905460

Product: BIG-IP, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP GTM, BIG-IP Link Controller, BIG-IP LTM, BIG-IP M. HF3 a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack. Exploiting this vulnerability to perform plaintext recovery of encrypted messages will, in most practical cases, allow an attacker to read the plaintext only after the session has completed. Only TLS sessions established using RSA key exchange are vulnerable to this attack.


© CVE.report 2021


CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
