F5

Big-ip Advanced Web Application Firewall

109 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2023-28406

  • EPSS 0.6%
  • Published 03.05.2023 15:15:12
  • Last modified 21.11.2024 07:55:00

A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not c...

7.5

CVE-2023-23552

  • EPSS 44.96%
  • Published 01.02.2023 18:15:11
  • Last modified 21.11.2024 07:46:24

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can...

7.5

CVE-2022-41836

  • EPSS 0.44%
  • Published 19.10.2022 22:15:13
  • Last modified 21.11.2024 07:23:54

When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.

3.7

CVE-2022-41983

  • EPSS 0.16%
  • Published 19.10.2022 22:15:13
  • Last modified 21.11.2024 07:24:12

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions...

7.2

CVE-2022-41617

  • EPSS 3.45%
  • Published 19.10.2022 22:15:12
  • Last modified 21.11.2024 07:23:30

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST...

7.5

CVE-2022-41691

  • EPSS 0.37%
  • Published 19.10.2022 22:15:12
  • Last modified 21.11.2024 07:23:39

When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.

7.5

CVE-2022-29491

  • EPSS 1.04%
  • Published 05.05.2022 17:15:15
  • Last modified 21.11.2024 06:59:10

On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on o...

7.2

CVE-2022-27806

  • EPSS 0.66%
  • Published 05.05.2022 17:15:13
  • Last modified 21.11.2024 06:56:13

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the A...

7.5

CVE-2022-26890

  • EPSS 0.89%
  • Published 05.05.2022 17:15:12
  • Last modified 21.11.2024 06:54:44

On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual ...

6.5

CVE-2022-25946

  • EPSS 0.13%
  • Published 05.05.2022 17:15:11
  • Last modified 21.11.2024 06:53:15

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administr...