F5

Big-ip Ssl Orchestrator

107 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-59269

  • EPSS 0.07%
  • Veröffentlicht 15.10.2025 13:55:42
  • Zuletzt bearbeitet 21.10.2025 19:33:38

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.   Note: Software versions which have reache...

7.5

CVE-2025-53474

  • EPSS 0.11%
  • Veröffentlicht 15.10.2025 13:55:41
  • Zuletzt bearbeitet 21.10.2025 19:49:57

When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evalu...

7.5

CVE-2025-54500

Medienbericht
  • EPSS 0.11%
  • Veröffentlicht 13.08.2025 14:46:55
  • Zuletzt bearbeitet 03.11.2025 20:19:14

An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).  Note: Software versions which have reached End of Technical Su...

8.7

CVE-2025-52585

  • EPSS 0.13%
  • Veröffentlicht 13.08.2025 14:46:53
  • Zuletzt bearbeitet 21.10.2025 18:25:29

When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note:...

8.7

CVE-2025-41399

Medienbericht
  • EPSS 0.09%
  • Veröffentlicht 07.05.2025 22:15:20
  • Zuletzt bearbeitet 21.10.2025 18:43:09

When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are no...

8.7

CVE-2025-41414

  • EPSS 0.11%
  • Veröffentlicht 07.05.2025 22:15:20
  • Zuletzt bearbeitet 21.10.2025 18:43:21

When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

8.7

CVE-2025-41433

  • EPSS 0.11%
  • Veröffentlicht 07.05.2025 22:15:20
  • Zuletzt bearbeitet 21.10.2025 18:43:41

When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. ...

8.7

CVE-2025-36504

  • EPSS 0.09%
  • Veröffentlicht 07.05.2025 22:15:19
  • Zuletzt bearbeitet 21.10.2025 18:42:48

When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.7

CVE-2025-31644

Medienbericht
  • EPSS 0.07%
  • Veröffentlicht 07.05.2025 22:15:18
  • Zuletzt bearbeitet 21.10.2025 18:42:36

When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system com...

8

CVE-2025-24320

  • EPSS 0.44%
  • Veröffentlicht 05.02.2025 18:15:34
  • Zuletzt bearbeitet 21.10.2025 18:30:58

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. This vulnerability is due to an incomplete f...