NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
During installation, installed file permissions are set to allow anyone to modify those files.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Nginx_api_connectivity_manager | F5 | 1.0.0 (including) | 1.5.0 (excluding) |
Nginx_instance_manager | F5 | 2.0.0 (including) | 2.9.0 (excluding) |
Nginx_security_monitoring | F5 | 1.0.0 (including) | 1.3.0 (excluding) |