CVE-2024-32761
- EPSS 0.47%
- Veröffentlicht 08.05.2024 15:15:10
- Zuletzt bearbeitet 04.02.2026 17:47:04
Under certain conditions, a data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. This leak occurs randomly and cannot be deliberately triggered. If it occurs, it may leak up to 64...
CVE-2024-33604
- EPSS 0.31%
- Veröffentlicht 08.05.2024 15:15:10
- Zuletzt bearbeitet 21.10.2025 11:38:35
A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached ...
CVE-2024-33608
- EPSS 0.59%
- Veröffentlicht 08.05.2024 15:15:10
- Zuletzt bearbeitet 21.10.2025 11:38:00
When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-28889
- EPSS 0.44%
- Veröffentlicht 08.05.2024 15:15:09
- Zuletzt bearbeitet 21.10.2025 19:28:04
When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Soft...
- EPSS 0.58%
- Veröffentlicht 08.05.2024 15:15:09
- Zuletzt bearbeitet 21.10.2025 11:39:36
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached...
CVE-2024-25560
- EPSS 0.52%
- Veröffentlicht 08.05.2024 15:15:08
- Zuletzt bearbeitet 21.10.2025 11:40:17
When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-27202
- EPSS 0.27%
- Veröffentlicht 08.05.2024 15:15:08
- Zuletzt bearbeitet 21.10.2025 19:28:16
A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reac...
CVE-2023-45219
- EPSS 0.18%
- Veröffentlicht 10.10.2023 13:15:22
- Zuletzt bearbeitet 21.11.2024 08:26:34
Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions ...
CVE-2023-41085
- EPSS 0.52%
- Veröffentlicht 10.10.2023 13:15:21
- Zuletzt bearbeitet 21.11.2024 08:20:32
When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-41964
- EPSS 0.24%
- Veröffentlicht 10.10.2023 13:15:21
- Zuletzt bearbeitet 21.11.2024 08:22:00
The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.