F5

Big-ip Application Security Manager

492 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-23555

  • EPSS 0.36%
  • Published 01.02.2023 18:15:11
  • Last modified 21.11.2024 07:46:24

On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed tra...

5.9

CVE-2023-22302

  • EPSS 0.36%
  • Published 01.02.2023 18:15:10
  • Last modified 21.11.2024 07:44:29

In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests ...

7.5

CVE-2023-22323

  • EPSS 0.32%
  • Published 01.02.2023 18:15:10
  • Last modified 21.11.2024 07:44:31

In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an incre...

4.9

CVE-2023-22326

  • EPSS 0.18%
  • Published 01.02.2023 18:15:10
  • Last modified 21.11.2024 07:44:32

In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iCon...

8.8

CVE-2022-41622

  • EPSS 81.26%
  • Published 07.12.2022 04:15:10
  • Last modified 21.11.2024 07:23:31

In all versions,  BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.7

CVE-2022-41800

  • EPSS 92.7%
  • Published 07.12.2022 04:15:10
  • Last modified 21.11.2024 07:23:52

In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the a...

7.5

CVE-2022-41832

  • EPSS 0.43%
  • Published 19.10.2022 22:15:13
  • Last modified 21.11.2024 07:23:53

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory ...

7.5

CVE-2022-41833

  • EPSS 0.51%
  • Published 19.10.2022 22:15:13
  • Last modified 21.11.2024 07:23:54

In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate.

7.5

CVE-2022-41836

  • EPSS 0.44%
  • Published 19.10.2022 22:15:13
  • Last modified 21.11.2024 07:23:54

When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.

3.7

CVE-2022-41983

  • EPSS 0.16%
  • Published 19.10.2022 22:15:13
  • Last modified 21.11.2024 07:24:12

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions...