F5

Big-ip Access Policy Manager

586 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.7

CVE-2025-41431

  • EPSS 0.09%
  • Veröffentlicht 07.05.2025 22:15:20
  • Zuletzt bearbeitet 06.08.2025 16:25:30

When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group. Note: Software versions which have reached End of T...

8.7

CVE-2025-41433

  • EPSS 0.11%
  • Veröffentlicht 07.05.2025 22:15:20
  • Zuletzt bearbeitet 21.10.2025 18:43:41

When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. ...

8.7

CVE-2025-36504

  • EPSS 0.09%
  • Veröffentlicht 07.05.2025 22:15:19
  • Zuletzt bearbeitet 21.10.2025 18:42:48

When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.7

CVE-2025-36525

  • EPSS 0.09%
  • Veröffentlicht 07.05.2025 22:15:19
  • Zuletzt bearbeitet 29.09.2025 21:30:43

When a BIG-IP APM virtual server is configured to use a PingAccess profile, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.7

CVE-2025-31644

Medienbericht
  • EPSS 0.07%
  • Veröffentlicht 07.05.2025 22:15:18
  • Zuletzt bearbeitet 21.10.2025 18:42:36

When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system com...

8

CVE-2025-24320

  • EPSS 0.44%
  • Veröffentlicht 05.02.2025 18:15:34
  • Zuletzt bearbeitet 21.10.2025 18:30:58

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. This vulnerability is due to an incomplete f...

3.1

CVE-2025-23415

  • EPSS 0.07%
  • Veröffentlicht 05.02.2025 18:15:32
  • Zuletzt bearbeitet 12.11.2025 14:42:15

An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connection initiated thru BIG-IP APM browser network access...

8.7

CVE-2025-22846

  • EPSS 0.34%
  • Veröffentlicht 05.02.2025 18:15:31
  • Zuletzt bearbeitet 10.09.2025 15:57:39

When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.   Note: Software versions which have reached End of Technical Su...

9.9

CVE-2025-23239

  • EPSS 0.46%
  • Veröffentlicht 05.02.2025 18:15:31
  • Zuletzt bearbeitet 07.11.2025 16:16:26

When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have...

8.7

CVE-2025-23412

  • EPSS 0.34%
  • Veröffentlicht 05.02.2025 18:15:31
  • Zuletzt bearbeitet 12.11.2025 14:36:53

When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.