F5

Big-ip Advanced Web Application Firewall

155 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-23805

  • EPSS 0.31%
  • Veröffentlicht 14.02.2024 17:15:14
  • Zuletzt bearbeitet 23.01.2025 19:52:22

Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a v...

7.5

CVE-2024-23308

  • EPSS 0.36%
  • Veröffentlicht 14.02.2024 17:15:13
  • Zuletzt bearbeitet 12.12.2024 19:10:12

When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in t...

3.8

CVE-2024-23603

  • EPSS 0.29%
  • Veröffentlicht 14.02.2024 17:15:13
  • Zuletzt bearbeitet 05.09.2025 15:51:22

An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

7.5

CVE-2024-21789

  • EPSS 0.27%
  • Veröffentlicht 14.02.2024 17:15:12
  • Zuletzt bearbeitet 12.12.2024 19:11:30

When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evalua...

7.5

CVE-2024-21849

  • EPSS 0.31%
  • Veröffentlicht 14.02.2024 17:15:12
  • Zuletzt bearbeitet 12.12.2024 19:10:52

When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions which have reached End of T...

9.8

CVE-2023-46747

Warnung Exploit
  • EPSS 94.44%
  • Veröffentlicht 26.10.2023 21:15:08
  • Zuletzt bearbeitet 27.10.2025 17:07:09

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions wh...

8.8

CVE-2023-46748

Warnung Exploit
  • EPSS 4.35%
  • Veröffentlicht 26.10.2023 21:15:08
  • Zuletzt bearbeitet 27.10.2025 17:07:05

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execut...

7.5

CVE-2023-44487

Warnung Medienbericht Exploit
  • EPSS 94.39%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 07.11.2025 19:00:41

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

4.4

CVE-2023-45219

  • EPSS 0.11%
  • Veröffentlicht 10.10.2023 13:15:22
  • Zuletzt bearbeitet 21.11.2024 08:26:34

Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information.   Note: Software versions ...

7.5

CVE-2023-41085

  • EPSS 0.58%
  • Veröffentlicht 10.10.2023 13:15:21
  • Zuletzt bearbeitet 21.11.2024 08:20:32

When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.