cpe:2.3:a:n/a:big-iq:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Big Iq (4983042e-c239-514b-85ed-53c42aa0ae15) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2021-23024 | vulnerable | 2026-06-08 05:30:02.213235 | On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Published: 2021-06-10T14:35:08.000Z. Updated: 2024-08-03T18:58:26.279Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-23006 | vulnerable | 2026-06-08 05:30:02.140997 | On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. Published: 2021-03-31T17:44:38.000Z. Updated: 2024-08-03T18:58:26.280Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-23005 | vulnerable | 2026-06-08 05:30:02.140620 | On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availability (HA) for automatic failover, BIG-IQ does not make use of Transport Layer Security (TLS) with the Corosync protocol. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. Published: 2021-03-31T17:41:35.000Z. Updated: 2024-08-03T18:58:26.261Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-22997 | vulnerable | 2026-06-08 05:30:02.114065 | On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. Published: 2021-03-31T17:35:54.000Z. Updated: 2024-08-03T18:58:26.127Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-22996 | vulnerable | 2026-06-08 05:30:02.113634 | On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a BIG-IQ Data Collection Device (DCD) cluster member that receives an undisclosed message may cause the corosync process to abort. This behavior may lead to a denial-of-service (DoS) and impact the stability of a BIG-IQ high availability (HA) cluster. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. Published: 2021-03-31T17:34:21.000Z. Updated: 2024-08-03T18:58:26.169Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-22995 | vulnerable | 2026-06-08 05:30:02.113242 | On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. Published: 2021-03-31T16:45:54.000Z. Updated: 2024-08-03T18:58:26.170Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-5944 | vulnerable | 2026-06-08 05:26:44.290271 | In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 has done further review of this vulnerability and has re-classified it as a defect. CVE-2020-5944 will continue to be referenced in F5 Security Advisory K57274211 and will not be assigned to other F5 vulnerabilities. Published: 2020-11-05T19:24:40.000Z. Updated: 2024-08-04T08:47:40.887Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-5890 | vulnerable | 2026-06-08 05:26:44.118931 | On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace. Published: 2020-04-30T21:08:17.000Z. Updated: 2024-08-04T08:47:40.901Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-5873 | vulnerable | 2026-06-08 05:26:44.083025 | On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request. Published: 2020-04-30T20:21:54.000Z. Updated: 2024-08-04T08:47:40.043Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-5870 | vulnerable | 2026-06-08 05:26:44.079799 | In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer. Published: 2020-04-24T13:17:01.000Z. Updated: 2024-08-04T08:47:40.689Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-5869 | vulnerable | 2026-06-08 05:26:44.079476 | In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit. Published: 2020-04-24T13:05:03.000Z. Updated: 2024-08-04T08:47:40.739Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-5868 | vulnerable | 2026-06-08 05:26:44.079040 | In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface. Published: 2020-04-24T12:54:06.000Z. Updated: 2024-08-04T08:47:40.044Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-6653 | vulnerable | 2026-06-08 05:14:12.705749 | There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles. Published: 2019-09-25T18:00:09.000Z. Updated: 2024-08-04T20:23:22.424Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-6652 | vulnerable | 2026-06-08 05:14:12.705309 | In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security (TLS). Published: 2019-09-25T17:55:56.000Z. Updated: 2024-08-04T20:23:22.371Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-6621 | vulnerable | 2026-06-08 05:14:12.593364 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user. This issue impacts both iControl REST and tmsh implementations. Published: 2019-07-02T20:19:39.000Z. Updated: 2024-08-04T20:23:22.143Z | Imported from gcve-enriched-dumps CVE data |