VDB
CNVD-2024-22210
PUBLISHED
CVSS 7.5 HIGH
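F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP Next Central Manager contains an OData injection vulnerability. An attacker can exploit it to send crafted SQL statements to the API, allowing the attacker to view, add, modify or delete information in the back-end database.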
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| f5 | big-ip_next_central_manager | 20.0.1 |
| F5 | BIG-IP Next Central Manager | 20.0.1 |
Exploit Intelligence
- https://my.f5.com/manage/s/article/K000138732 (circl)
- CIRCL seen: CVE-2024-21793 (circl-sighting)
- FeatherStark/CVE-2024-21793 (github-poc)
Timeline
- May 8, 2024 CVE Published
- May 10, 2024 CVE ID Reserved
- May 18, 2024 PoC Published
References
- https://my.f5.com/manage/s/article/K000138732 vendor-advisory