F5 Nginx Api Connectivity Manager — known CVE vulnerabilities
Every CVE whose affected-product data names F5 Nginx Api Connectivity Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2023-28656 — CVSS 8.1 (high): NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment…
CVE-2023-28724 — CVSS 7.1 (high): NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX…
CVE-2024-10318 — CVSS 5.4 (medium): A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time…