F5

Big-ip Access Policy Manager

586 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2024-32761

  • EPSS 0.26%
  • Veröffentlicht 08.05.2024 15:15:10
  • Zuletzt bearbeitet 21.10.2025 11:38:58

Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently r...

6.1

CVE-2024-33604

  • EPSS 0.52%
  • Veröffentlicht 08.05.2024 15:15:10
  • Zuletzt bearbeitet 21.10.2025 11:38:35

A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached ...

7.5

CVE-2024-33608

  • EPSS 0.31%
  • Veröffentlicht 08.05.2024 15:15:10
  • Zuletzt bearbeitet 21.10.2025 11:38:00

When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.4

CVE-2024-28883

  • EPSS 0.05%
  • Veröffentlicht 08.05.2024 15:15:09
  • Zuletzt bearbeitet 06.08.2025 15:56:39

An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical...

5.9

CVE-2024-28889

  • EPSS 0.31%
  • Veröffentlicht 08.05.2024 15:15:09
  • Zuletzt bearbeitet 21.10.2025 19:28:04

When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Soft...

8

CVE-2024-31156

  • EPSS 0.95%
  • Veröffentlicht 08.05.2024 15:15:09
  • Zuletzt bearbeitet 21.10.2025 11:39:36

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached...

7.5

CVE-2024-25560

  • EPSS 0.36%
  • Veröffentlicht 08.05.2024 15:15:08
  • Zuletzt bearbeitet 21.10.2025 11:40:17

When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

4.7

CVE-2024-27202

  • EPSS 0.48%
  • Veröffentlicht 08.05.2024 15:15:08
  • Zuletzt bearbeitet 21.10.2025 19:28:16

A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reac...

7.6

CVE-2024-3661

Medienbericht Exploit
  • EPSS 2.48%
  • Veröffentlicht 06.05.2024 19:15:11
  • Zuletzt bearbeitet 15.01.2025 16:50:28

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local...

6

CVE-2024-23976

  • EPSS 0.02%
  • Veröffentlicht 14.02.2024 17:15:14
  • Zuletzt bearbeitet 05.09.2025 15:51:32

When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system.  Note: Software versions which have reached End of Technical S...