F5

Big-ip

67 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2026-2507

  • EPSS 0.12%
  • Veröffentlicht 18.02.2026 15:55:28
  • Zuletzt bearbeitet 18.02.2026 17:51:53

When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.9

CVE-2026-22548

Medienbericht
  • EPSS 0.1%
  • Veröffentlicht 04.02.2026 15:02:05
  • Zuletzt bearbeitet 13.02.2026 21:44:47

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate.  Note: Software versions which have reached End of Te...

4.3

CVE-2026-20732

Medienbericht
  • EPSS 0.06%
  • Veröffentlicht 04.02.2026 15:02:05
  • Zuletzt bearbeitet 13.02.2026 21:44:33

A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.5

CVE-2025-61990

  • EPSS 0.07%
  • Veröffentlicht 15.10.2025 15:19:52
  • Zuletzt bearbeitet 21.10.2025 12:12:24

When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

6.1

CVE-2025-61933

  • EPSS 0.03%
  • Veröffentlicht 15.10.2025 15:19:49
  • Zuletzt bearbeitet 21.10.2025 12:12:54

A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user.  Note: Software versions which have reached End of Technical Su...

7.5

CVE-2025-61935

  • EPSS 0.07%
  • Veröffentlicht 15.10.2025 15:19:46
  • Zuletzt bearbeitet 21.10.2025 12:12:43

When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.5

CVE-2025-58071

  • EPSS 0.07%
  • Veröffentlicht 15.10.2025 15:19:46
  • Zuletzt bearbeitet 21.10.2025 19:17:54

When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

6.5

CVE-2025-59483

  • EPSS 0.05%
  • Veröffentlicht 15.10.2025 13:55:55
  • Zuletzt bearbeitet 21.10.2025 19:35:20

A validation vulnerability exists in an undisclosed URL in the Configuration utility.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

4.9

CVE-2025-54755

  • EPSS 0.22%
  • Veröffentlicht 15.10.2025 13:55:55
  • Zuletzt bearbeitet 27.01.2026 13:30:32

A directory traversal vulnerability exists in TMUI that allows a highly privileged authenticated attacker to access files which are not limited to the intended files.  Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.5

CVE-2025-61974

  • EPSS 0.07%
  • Veröffentlicht 15.10.2025 13:55:55
  • Zuletzt bearbeitet 21.10.2025 21:09:04

When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.