F5

Big-ip Advanced Web Application Firewall

153 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-61990

  • EPSS 0.11%
  • Veröffentlicht 15.10.2025 15:19:52
  • Zuletzt bearbeitet 21.10.2025 12:12:24

When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.5

CVE-2025-58071

  • EPSS 0.11%
  • Veröffentlicht 15.10.2025 15:19:46
  • Zuletzt bearbeitet 21.10.2025 19:17:54

When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.5

CVE-2025-61935

  • EPSS 0.11%
  • Veröffentlicht 15.10.2025 15:19:46
  • Zuletzt bearbeitet 21.10.2025 12:12:43

When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

4.9

CVE-2025-54755

  • EPSS 0.3%
  • Veröffentlicht 15.10.2025 13:55:55
  • Zuletzt bearbeitet 21.10.2025 19:51:22

A directory traversal vulnerability exists in TMUI that allows an authenticated attacker to access files which are not limited to the intended files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

6.5

CVE-2025-59483

  • EPSS 0.08%
  • Veröffentlicht 15.10.2025 13:55:55
  • Zuletzt bearbeitet 21.10.2025 19:35:20

A validation vulnerability exists in an undisclosed URL in the Configuration utility.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

9.1

CVE-2025-59481

  • EPSS 0.08%
  • Veröffentlicht 15.10.2025 13:55:54
  • Zuletzt bearbeitet 21.10.2025 19:34:06

A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges.  A successful ...

9.1

CVE-2025-61958

  • EPSS 0.08%
  • Veröffentlicht 15.10.2025 13:55:53
  • Zuletzt bearbeitet 21.10.2025 20:45:14

A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell.  For BIG-IP systems running in Appliance mode, a successfu...

7.5

CVE-2025-53521

  • EPSS 0.11%
  • Veröffentlicht 15.10.2025 13:55:52
  • Zuletzt bearbeitet 21.10.2025 20:19:15

When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.5

CVE-2025-58096

  • EPSS 0.11%
  • Veröffentlicht 15.10.2025 13:55:52
  • Zuletzt bearbeitet 21.10.2025 19:30:28

When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End o...

9.1

CVE-2025-53868

Medienbericht
  • EPSS 0.08%
  • Veröffentlicht 15.10.2025 13:55:51
  • Zuletzt bearbeitet 21.10.2025 19:50:38

When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands.  Note: Software versions which have reached End of Technical Support ...