F5

Big-ip Advanced Firewall Manager

512 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2024-41723

  • EPSS 0.35%
  • Veröffentlicht 14.08.2024 15:15:27
  • Zuletzt bearbeitet 20.08.2024 19:26:24

Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.5

CVE-2024-41727

  • EPSS 0.49%
  • Veröffentlicht 14.08.2024 15:15:27
  • Zuletzt bearbeitet 20.08.2024 19:25:12

In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization.   Note: Software versions which have reached End of ...

7.5

CVE-2024-39778

  • EPSS 0.57%
  • Veröffentlicht 14.08.2024 15:15:26
  • Zuletzt bearbeitet 19.08.2024 16:20:52

When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.9

CVE-2024-32761

  • EPSS 0.26%
  • Veröffentlicht 08.05.2024 15:15:10
  • Zuletzt bearbeitet 21.10.2025 11:38:58

Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently r...

6.1

CVE-2024-33604

  • EPSS 0.52%
  • Veröffentlicht 08.05.2024 15:15:10
  • Zuletzt bearbeitet 21.10.2025 11:38:35

A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached ...

7.5

CVE-2024-33608

  • EPSS 0.31%
  • Veröffentlicht 08.05.2024 15:15:10
  • Zuletzt bearbeitet 21.10.2025 11:38:00

When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.9

CVE-2024-28889

  • EPSS 0.31%
  • Veröffentlicht 08.05.2024 15:15:09
  • Zuletzt bearbeitet 21.10.2025 19:28:04

When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Soft...

8

CVE-2024-31156

  • EPSS 0.95%
  • Veröffentlicht 08.05.2024 15:15:09
  • Zuletzt bearbeitet 21.10.2025 11:39:36

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached...

7.5

CVE-2024-25560

  • EPSS 0.36%
  • Veröffentlicht 08.05.2024 15:15:08
  • Zuletzt bearbeitet 21.10.2025 11:40:17

When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

4.7

CVE-2024-27202

  • EPSS 0.48%
  • Veröffentlicht 08.05.2024 15:15:08
  • Zuletzt bearbeitet 21.10.2025 19:28:16

A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reac...