F5

Big-ip Advanced Web Application Firewall

153 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.8

CVE-2024-23603

  • EPSS 0.29%
  • Veröffentlicht 14.02.2024 17:15:13
  • Zuletzt bearbeitet 05.09.2025 15:51:22

An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

7.5

CVE-2024-21789

  • EPSS 0.27%
  • Veröffentlicht 14.02.2024 17:15:12
  • Zuletzt bearbeitet 12.12.2024 19:11:30

When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evalua...

7.5

CVE-2024-21849

  • EPSS 0.31%
  • Veröffentlicht 14.02.2024 17:15:12
  • Zuletzt bearbeitet 12.12.2024 19:10:52

When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions which have reached End of T...

9.8

CVE-2023-46747

Warnung Exploit
  • EPSS 94.44%
  • Veröffentlicht 26.10.2023 21:15:08
  • Zuletzt bearbeitet 27.10.2025 17:07:09

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions wh...

8.8

CVE-2023-46748

Warnung Exploit
  • EPSS 3.88%
  • Veröffentlicht 26.10.2023 21:15:08
  • Zuletzt bearbeitet 27.10.2025 17:07:05

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execut...

7.5

CVE-2023-44487

Warnung Medienbericht Exploit
  • EPSS 94.42%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 07.11.2025 19:00:41

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

4.4

CVE-2023-45219

  • EPSS 0.11%
  • Veröffentlicht 10.10.2023 13:15:22
  • Zuletzt bearbeitet 21.11.2024 08:26:34

Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information.   Note: Software versions ...

7.5

CVE-2023-41085

  • EPSS 0.58%
  • Veröffentlicht 10.10.2023 13:15:21
  • Zuletzt bearbeitet 21.11.2024 08:20:32

When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

9.9

CVE-2023-41373

  • EPSS 2.64%
  • Veröffentlicht 10.10.2023 13:15:21
  • Zuletzt bearbeitet 21.11.2024 08:21:10

A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacke...

6.5

CVE-2023-41964

  • EPSS 0.2%
  • Veröffentlicht 10.10.2023 13:15:21
  • Zuletzt bearbeitet 21.11.2024 08:22:00

The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.