First published: Wed Aug 14 2024
When generating a QKView of a BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs. Note: Software versions that have reached End of Technical Support (EoTS) are not evaluated.
Credit: f5sirt@f5.com
Affected Software | Affected Version | How to fix |
---|---|---|
F5 BIG-IP Next Central Manager | >=20.1.0, <=20.2.0 | 20.2.1 |
F5 BIG-IP Next Central Manager | >=20.1.0, <20.2.1 | |
CVE-2024-41719 has been classified as a medium severity vulnerability due to the potential exposure of sensitive information in logs.
To fix CVE-2024-41719, it is recommended to upgrade the F5 BIG-IP Next Central Manager to a version that is not affected by this vulnerability.
Versions 20.1.0 to 20.2.0 of F5 BIG-IP Next Central Manager are affected by CVE-2024-41719.
CVE-2024-41719 exposes F5 iHealth credentials in the BIG-IP Central Manager logs.
Currently, there are no documented workarounds for CVE-2024-41719, and upgrading to a patched version is the suggested mitigation.