CVE-2024-37028
MEDIUMDescription
BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| f5 | big-ip_next_central_manager |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-37028? +
How severe is CVE-2024-37028? +
What products are affected by CVE-2024-37028? +
How do I check if I'm vulnerable to CVE-2024-37028? +
Related Vulnerabilities
Cap-go Console < 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication …
Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following …
Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series allows a remote unauthenticated attacker to lockout …
A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other …
When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code …
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their …