Blog

iControl SOAP vulnerability CVE-2022-41622 Security Advisory Security Advisory Description BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. (CVE ... More info: https://support.f5.com/csp/article/K94221585?utm_source=f5support&utm_medium=RSS

BIG-IP and BIG-IQ improvements disclosed by Rapid7 Security Advisory Security Advisory Description BIG-IP and BIG-IQ improvements disclosed by Rapid7 Important: F5 recognizes these issues are ... More info: https://support.f5.com/csp/article/K05403841?utm_source=f5support&utm_medium=RSS

Overview of F5 vulnerabilities (November 2022) Security Advisory Security Advisory Description On November 16, 2022, F5 announced the following issues. This document is intended to serve as an ... More info: https://support.f5.com/csp/article/K97843387?utm_source=f5support&utm_medium=RSS

Appliance mode iControl REST vulnerability CVE-2022-41800 Security Advisory Security Advisory Description When running in Appliance mode, an authenticated user assigned the Administrator role may ... More info: https://support.f5.com/csp/article/K13325942?utm_source=f5support&utm_medium=RSS

Contributors: Deborah Snyder and Nikki Benoit Executive Summary VMware Carbon Black Managed Detection and Response (MDR) analysts are constantly handling security incidents within our customer environments and tracking emerging and persistent malware campaigns. One such threat that has been particularly prevalent over the last couple of months is BatLoader. Named by Mandiant [1], BatLoader is … ContinuedThe post BATLOADER: The Evasive Downloader Malware appeared first on VMware Security More info: https://blogs.vmware.com/security/2022/11/batloader-the-evasive-downloader-malware.html?utm_source=rss&utm_medium=rss&utm_campaign=batloader-the-evasive-downloader-malware

OpenSSL vulnerability CVE-2019-1547 Security Advisory Security Advisory Description Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code ... More info: https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS

Initial Publication Date: 2022/11/01 09:00 PDT AWS is aware of the recently reported issues regarding OpenSSL 3.0 (CVE-2022-3602 and CVE-2022-3786). AWS services are not affected, and no customer action is required. Additionally, Amazon Linux 1 and Amazon Linux 2 do not ship with OpenSSL 3.0 and are not affected by these issues. Customers utilizing Amazon Linux 2022, Bottlerocket OS or ECS-optimized Amazon Machine Images (AMIs) on Amazon ECS should read the instructions below. As a security More info: https://aws.amazon.com/security/security-bulletins/AWS-2022-008/

OpenSSL vulnerability CVE-2019-1549 Security Advisory Security Advisory Description OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in ... More info: https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS

Intel Processors RRSBA advisory CVE-2022-28693 Security Advisory Security Advisory Description ** RESERVED ** This candidate has been reserved by an organization or individual that will use it ... More info: https://support.f5.com/csp/article/K69334442?utm_source=f5support&utm_medium=RSS

Multiple MySQL vulnerabilities CVE-2022-21569, CVE-2022-21824, CVE-2022-22968, CVE-2022-27778 Security Advisory Security Advisory Description CVE-2022-21569 Vulnerability in the MySQL Server ... More info: https://support.f5.com/csp/article/K35802610?utm_source=f5support&utm_medium=RSS