Blog

Security Advisory Description Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password ... More info: https://my.f5.com/manage/s/article/K000135449?utm_source=f5support&utm_medium=RSS

Security Advisory Description Audit logs on the F5OS-A system may contain undisclosed sensitive information. (CVE-2023-36494) Impact This vulnerability may allow a high privileged authenticated ... More info: https://my.f5.com/manage/s/article/K000134922?utm_source=f5support&utm_medium=RSS

Security Advisory Description A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in ... More info: https://my.f5.com/manage/s/article/K000133474?utm_source=f5support&utm_medium=RSS

Security Advisory Description On August 2, 2023, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact ... More info: https://my.f5.com/manage/s/article/K000135479?utm_source=f5support&utm_medium=RSS

Security Advisory Description An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. More info: https://my.f5.com/manage/s/article/K000132563?utm_source=f5support&utm_medium=RSS

As organizations move away from traditional application architecture, they are embracing the changes and benefits that cloud native offers. It’s important to remember that the term “cloud native” doesn’t necessarily mean that an application and all its components are running in the cloud. It simply means that it you are using methodologies that enable portability and … ContinuedThe post Announcing Cloud Native Detection and Response for Carbon Black appeared first More info: https://blogs.vmware.com/security/2023/08/announcing-cloud-native-detection-and-response-for-carbon-black.html?utm_source=rss&utm_medium=rss&utm_campaign=announcing-cloud-native-detection-and-response-for-carbon-black

Security Advisory Description hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs ... More info: https://my.f5.com/manage/s/article/K000135674?utm_source=f5support&utm_medium=RSS

Publication Date: 07/28/2023 3:30PM PDT AWS is aware of CVE-2023-20593, otherwise known as "Zenbleed", and can confirm this issue affected AMD “Zen 2”, also known as “Rome”, CPUs that power the C5a, C5ad, G4ad, and G5 instance families. Because of the design of the EC2 Nitro hypervisor, there is no risk of cross-instance data access. The updated microcode from AMD has been applied to all C5a, C5ad, G4ad, and G5 instances. No action is required from customers More info: https://aws.amazon.com/security/security-bulletins/AWS-2023-004/

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that ... More info: https://my.f5.com/manage/s/article/K000135635?utm_source=f5support&utm_medium=RSS

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that ... More info: https://my.f5.com/manage/s/article/K000135636?utm_source=f5support&utm_medium=RSS