F5

Big-ip Websafe

96 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-41727

  • EPSS 0.49%
  • Published 14.08.2024 15:15:27
  • Last modified 20.08.2024 19:25:12

In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization.   Note: Software versions which have reached End of ...

4.3

CVE-2024-41723

  • EPSS 0.35%
  • Published 14.08.2024 15:15:27
  • Last modified 20.08.2024 19:26:24

Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.5

CVE-2024-41164

  • EPSS 0.67%
  • Published 14.08.2024 15:15:27
  • Last modified 19.08.2024 18:39:06

When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical...

7.5

CVE-2024-39778

  • EPSS 0.46%
  • Published 14.08.2024 15:15:26
  • Last modified 19.08.2024 16:20:52

When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.8

CVE-2023-46748

Warning Exploit
  • EPSS 3.17%
  • Published 26.10.2023 21:15:08
  • Last modified 27.01.2025 21:31:47

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execut...

9.8

CVE-2023-46747

Warning Exploit
  • EPSS 94.44%
  • Published 26.10.2023 21:15:08
  • Last modified 02.04.2025 20:32:09

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions wh...

7.5

CVE-2023-44487

Warning Media report Exploit
  • EPSS 94.44%
  • Published 10.10.2023 14:15:10
  • Last modified 11.06.2025 17:29:54

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

4.4

CVE-2023-45219

  • EPSS 0.11%
  • Published 10.10.2023 13:15:22
  • Last modified 21.11.2024 08:26:34

Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information.   Note: Software versions ...

7.2

CVE-2023-42768

  • EPSS 0.43%
  • Published 10.10.2023 13:15:21
  • Last modified 21.11.2024 08:23:07

When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have...

7.5

CVE-2023-41085

  • EPSS 0.58%
  • Published 10.10.2023 13:15:21
  • Last modified 21.11.2024 08:20:32

When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.