F5

Big-ip Ssl Orchestrator

107 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2024-32761

  • EPSS 0.26%
  • Veröffentlicht 08.05.2024 15:15:10
  • Zuletzt bearbeitet 21.10.2025 11:38:58

Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently r...

6.1

CVE-2024-33604

  • EPSS 0.52%
  • Veröffentlicht 08.05.2024 15:15:10
  • Zuletzt bearbeitet 21.10.2025 11:38:35

A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached ...

7.5

CVE-2024-33608

  • EPSS 0.31%
  • Veröffentlicht 08.05.2024 15:15:10
  • Zuletzt bearbeitet 21.10.2025 11:38:00

When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.9

CVE-2024-28889

  • EPSS 0.31%
  • Veröffentlicht 08.05.2024 15:15:09
  • Zuletzt bearbeitet 21.10.2025 19:28:04

When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Soft...

8

CVE-2024-31156

  • EPSS 0.95%
  • Veröffentlicht 08.05.2024 15:15:09
  • Zuletzt bearbeitet 21.10.2025 11:39:36

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached...

7.5

CVE-2024-25560

  • EPSS 0.36%
  • Veröffentlicht 08.05.2024 15:15:08
  • Zuletzt bearbeitet 21.10.2025 11:40:17

When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

4.7

CVE-2024-27202

  • EPSS 0.48%
  • Veröffentlicht 08.05.2024 15:15:08
  • Zuletzt bearbeitet 21.10.2025 19:28:16

A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reac...

9.8

CVE-2023-46747

Warnung Exploit
  • EPSS 94.44%
  • Veröffentlicht 26.10.2023 21:15:08
  • Zuletzt bearbeitet 27.10.2025 17:07:09

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions wh...

8.8

CVE-2023-46748

Warnung Exploit
  • EPSS 3.88%
  • Veröffentlicht 26.10.2023 21:15:08
  • Zuletzt bearbeitet 27.10.2025 17:07:05

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execut...

7.5

CVE-2023-44487

Warnung Medienbericht Exploit
  • EPSS 94.42%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 07.11.2025 19:00:41

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.