F5

Big-ip Application Security Manager

540 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2023-22326

  • EPSS 0.45%
  • Veröffentlicht 01.02.2023 18:15:10
  • Zuletzt bearbeitet 21.11.2024 07:44:32

In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iCon...

8.8

CVE-2022-41622

  • EPSS 63.82%
  • Veröffentlicht 07.12.2022 04:15:10
  • Zuletzt bearbeitet 21.11.2024 07:23:31

In all versions,  BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.7

CVE-2022-41800

  • EPSS 92.68%
  • Veröffentlicht 07.12.2022 04:15:10
  • Zuletzt bearbeitet 21.11.2024 07:23:52

In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the a...

7.5

CVE-2022-41832

  • EPSS 0.68%
  • Veröffentlicht 19.10.2022 22:15:13
  • Zuletzt bearbeitet 21.11.2024 07:23:53

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory ...

7.5

CVE-2022-41833

  • EPSS 0.94%
  • Veröffentlicht 19.10.2022 22:15:13
  • Zuletzt bearbeitet 21.11.2024 07:23:54

In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate.

7.5

CVE-2022-41836

  • EPSS 0.68%
  • Veröffentlicht 19.10.2022 22:15:13
  • Zuletzt bearbeitet 21.11.2024 07:23:54

When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.

3.7

CVE-2022-41983

  • EPSS 0.13%
  • Veröffentlicht 19.10.2022 22:15:13
  • Zuletzt bearbeitet 21.11.2024 07:24:12

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions...

7.2

CVE-2022-41617

  • EPSS 4.44%
  • Veröffentlicht 19.10.2022 22:15:12
  • Zuletzt bearbeitet 21.11.2024 07:23:30

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST...

7.5

CVE-2022-41624

  • EPSS 0.65%
  • Veröffentlicht 19.10.2022 22:15:12
  • Zuletzt bearbeitet 21.11.2024 07:23:31

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory ...

7.5

CVE-2022-41691

  • EPSS 0.68%
  • Veröffentlicht 19.10.2022 22:15:12
  • Zuletzt bearbeitet 21.11.2024 07:23:39

When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.