CVE-2023-28656

NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:f5:nginx_api_connectivity_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_security_monitoring:*:*:*:*:*:*:*:*

History

13 Feb 2025, 17:16

Type Values Removed Values Added
Summary (en) NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. (en) NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

21 Nov 2024, 07:55

Type Values Removed Values Added
References () https://my.f5.com/manage/s/article/K000133417 - Vendor Advisory () https://my.f5.com/manage/s/article/K000133417 - Vendor Advisory
References () https://security.netapp.com/advisory/ntap-20230609-0006/ - () https://security.netapp.com/advisory/ntap-20230609-0006/ -

09 Jun 2023, 08:15

Type Values Removed Values Added
References
  • (MISC) https://security.netapp.com/advisory/ntap-20230609-0006/ -

10 May 2023, 18:56

Type Values Removed Values Added
CPE cpe:2.3:a:f5:nginx_security_monitoring:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_api_connectivity_manager:*:*:*:*:*:*:*:*
References (MISC) https://my.f5.com/manage/s/article/K000133417 - (MISC) https://my.f5.com/manage/s/article/K000133417 - Vendor Advisory

03 May 2023, 15:23

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-03 15:15

Updated : 2025-02-13 17:16


NVD link : CVE-2023-28656

Mitre link : CVE-2023-28656

CVE.ORG link : CVE-2023-28656


JSON object : View

Products Affected

f5

  • nginx_api_connectivity_manager
  • nginx_security_monitoring
  • nginx_instance_manager
CWE
CWE-639

Authorization Bypass Through User-Controlled Key