F5

Big-ip Application Security Manager

574 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.32%
  • Veröffentlicht 15.10.2025 13:55:47
  • Zuletzt bearbeitet 21.10.2025 20:30:15

When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate...

  • EPSS 0.32%
  • Veröffentlicht 15.10.2025 13:55:46
  • Zuletzt bearbeitet 22.10.2025 21:02:07

When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • EPSS 0.39%
  • Veröffentlicht 15.10.2025 13:55:45
  • Zuletzt bearbeitet 21.10.2025 18:54:09

When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evalua...

  • EPSS 0.35%
  • Veröffentlicht 15.10.2025 13:55:45
  • Zuletzt bearbeitet 22.10.2025 19:18:59

When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached...

  • EPSS 0.41%
  • Veröffentlicht 15.10.2025 13:55:44
  • Zuletzt bearbeitet 21.10.2025 18:53:07

When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions...

  • EPSS 0.21%
  • Veröffentlicht 15.10.2025 13:55:44
  • Zuletzt bearbeitet 04.02.2026 17:47:36

Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB.  Note: Software versions which have reached End of Technical Support (EoTS)...

  • EPSS 0.35%
  • Veröffentlicht 15.10.2025 13:55:43
  • Zuletzt bearbeitet 22.10.2025 21:00:17

When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests.  Note: Software ve...

  • EPSS 0.37%
  • Veröffentlicht 15.10.2025 13:55:42
  • Zuletzt bearbeitet 21.10.2025 19:33:09

On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility.  Note: Software versions which have reached End of Technical Support (Eo...

  • EPSS 0.26%
  • Veröffentlicht 15.10.2025 13:55:42
  • Zuletzt bearbeitet 21.10.2025 19:33:38

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.   Note: Software versions which have reache...

  • EPSS 0.32%
  • Veröffentlicht 15.10.2025 13:55:41
  • Zuletzt bearbeitet 21.10.2025 19:49:57

When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evalu...