Description
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A directory traversal vulnerability exists in F5 BIG-IP iControl SOAP, which can be exploited to send a carefully crafted request to the iControl SOAP interface to obtain the BIG-IP system's wsdl file.
Affected Software
Related
{"id": "CNVD-2022-74718", "vendorId": null, "type": "cnvd", "bulletinFamily": "cnvd", "title": "F5 BIG-IP iControl SOAP directory traversal vulnerability", "description": "F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A directory traversal vulnerability exists in F5 BIG-IP iControl SOAP, which can be exploited to send a carefully crafted request to the iControl SOAP interface to obtain the BIG-IP system's wsdl file.", "published": "2022-05-07T00:00:00", "modified": "2022-11-07T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0}, "severity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-74718", "reporter": "China National Vulnerability Database", "references": [], "cvelist": ["CVE-2022-29474"], "immutableFields": [], "lastseen": "2022-11-07T17:42:21", "viewCount": 30, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2022-29474"]}, {"type": "f5", "idList": ["F5:K55879220", "F5:K59904248"]}, {"type": "nessus", "idList": ["F5_BIGIP_SOL59904248.NASL"]}]}, "score": {"value": 3.5, "vector": "NONE"}, "affected_software": {"major_version": [{"name": "f5 big-ip (all modules) >=14.1.0\uff0c", "version": 14}, {"name": "f5 big-ip (all modules) >=15.1.0\uff0c", "version": 15}, {"name": "f5 big-ip (all modules) >=16.1.0\uff0c", "version": 16}, {"name": "f5 big-ip (all modules) >=12.1.0\uff0c", "version": 12}, {"name": "f5 big-ip (all modules) >=13.1.0\uff0c", "version": 13}, {"name": "f5 big-ip (all modules) >=11.6.1\uff0c", "version": 11}]}, "epss": [{"cve": "CVE-2022-29474", "epss": "0.000460000", "percentile": "0.128310000", "modified": "2023-03-20"}], "vulnersScore": 3.5}, "_state": {"dependencies": 1667842975, "score": 1684017570, "affected_software_major_version": 1671611801, "epss": 1679345642}, "_internal": {"score_hash": "a44079e4fc84740d1ec9563c8f21d1a1"}, "vendorCVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "affectedSoftware": [{"version": "14.1.4", "operator": "le", "name": "f5 big-ip (all modules) >=14.1.0\uff0c"}, {"version": "15.1.5", "operator": "le", "name": "f5 big-ip (all modules) >=15.1.0\uff0c"}, {"version": "16.1.2", "operator": "le", "name": "f5 big-ip (all modules) >=16.1.0\uff0c"}, {"version": "12.1.6", "operator": "le", "name": "f5 big-ip (all modules) >=12.1.0\uff0c"}, {"version": "13.1.4", "operator": "le", "name": "f5 big-ip (all modules) >=13.1.0\uff0c"}, {"version": "11.6.5", "operator": "le", "name": "f5 big-ip (all modules) >=11.6.1\uff0c"}]}
{"nessus": [{"lastseen": "2023-05-18T14:46:15", "description": "The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K59904248 advisory.\n\n - On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated (CVE-2022-29474)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-05T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : iControl SOAP vulnerability (K59904248)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-29474"], "modified": "2022-05-16T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL59904248.NASL", "href": "https://www.tenable.com/plugins/nessus/160547", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K59904248.\n#\n# @NOAGENT@\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160547);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/16\");\n\n script_cve_id(\"CVE-2022-29474\");\n script_xref(name:\"IAVA\", value:\"2022-A-0189\");\n\n script_name(english:\"F5 Networks BIG-IP : iControl SOAP vulnerability (K59904248)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 /\n17.0.0. It is, therefore, affected by a vulnerability as referenced in the K59904248 advisory.\n\n - On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior\n to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal\n vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role\n privileges to read wsdl files in the BIG-IP file system. Note: Software versions which have reached End of\n Technical Support (EoTS) are not evaluated (CVE-2022-29474)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.f5.com/csp/article/K59904248\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K59904248.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29474\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/05\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude('f5_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar version = get_kb_item('Host/BIG-IP/version');\nif ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');\nif ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');\nif ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nvar sol = 'K59904248';\nvar vmatrix = {\n 'AFM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'\n ],\n 'unaffected': [\n '17.0.0','16.1.2.2','15.1.5.1','14.1.4.6','13.1.5'\n ],\n },\n 'APM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'\n ],\n 'unaffected': [\n '17.0.0','16.1.2.2','15.1.5.1','14.1.4.6','13.1.5'\n ],\n },\n 'ASM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'\n ],\n 'unaffected': [\n '17.0.0','16.1.2.2','15.1.5.1','14.1.4.6','13.1.5'\n ],\n },\n 'GTM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'\n ],\n 'unaffected': [\n '17.0.0','16.1.2.2','15.1.5.1','14.1.4.6','13.1.5'\n ],\n },\n 'LTM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'\n ],\n 'unaffected': [\n '17.0.0','16.1.2.2','15.1.5.1','14.1.4.6','13.1.5'\n ],\n },\n 'PEM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'\n ],\n 'unaffected': [\n '17.0.0','16.1.2.2','15.1.5.1','14.1.4.6','13.1.5'\n ],\n },\n 'PSM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'\n ],\n 'unaffected': [\n '17.0.0','16.1.2.2','15.1.5.1','14.1.4.6','13.1.5'\n ],\n },\n 'WOM': {\n 'affected': [\n '16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'\n ],\n 'unaffected': [\n '17.0.0','16.1.2.2','15.1.5.1','14.1.4.6','13.1.5'\n ],\n }\n};\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n var extra = NULL;\n if (report_verbosity > 0) extra = bigip_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n}\nelse\n{\n var tested = bigip_get_tested_modules();\n var audit_extra = 'For BIG-IP module(s) ' + tested + ',';\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, 'running any of the affected modules');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-05-31T14:31:31", "description": "On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-05-05T17:15:00", "type": "cve", "title": "CVE-2022-29474", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29474"], "modified": "2022-05-12T21:00:00", "cpe": ["cpe:/a:f5:big-ip_advanced_firewall_manager:11.6.5", "cpe:/a:f5:big-ip_application_security_manager:15.1.3", "cpe:/a:f5:big-ip_policy_enforcement_manager:15.1.5", "cpe:/a:f5:big-ip_advanced_firewall_manager:11.6.1", "cpe:/a:f5:big-ip_access_policy_manager:13.1.5", "cpe:/a:f5:big-ip_application_security_manager:15.1.2", "cpe:/a:f5:big-ip_fraud_protection_service:11.6.4", "cpe:/a:f5:big-ip_domain_name_system:12.1.2", "cpe:/a:f5:big-ip_fraud_protection_service:14.1.2", "cpe:/a:f5:big-ip_application_security_manager:11.6.3", "cpe:/a:f5:big-ip_policy_enforcement_manager:12.1.4", "cpe:/a:f5:big-ip_local_traffic_manager:12.1.2", "cpe:/a:f5:big-ip_application_acceleration_manager:13.1.1", "cpe:/a:f5:big-ip_global_traffic_manager:15.1.0", "cpe:/a:f5:big-ip_link_controller:16.1.1", "cpe:/a:f5:big-ip_domain_name_system:14.1.2", "cpe:/a:f5:big-ip_global_traffic_manager:11.6.3", "cpe:/a:f5:big-ip_access_policy_manager:12.1.4", "cpe:/a:f5:big-ip_application_acceleration_manager:12.1.1", "cpe:/a:f5:big-ip_fraud_protection_service:12.1.4", "cpe:/a:f5:big-ip_global_traffic_manager:15.1.1", "cpe:/a:f5:big-ip_application_acceleration_manager:12.1.5", "cpe:/a:f5:big-ip_local_traffic_manager:12.1.5", "cpe:/a:f5:big-ip_application_acceleration_manager:11.6.5", "cpe:/a:f5:big-ip_application_acceleration_manager:12.1.4", "cpe:/a:f5:big-ip_policy_enforcement_manager:15.1.4", "cpe:/a:f5:big-ip_advanced_firewall_manager:14.1.3", "cpe:/a:f5:big-ip_application_acceleration_manager:11.6.3", "cpe:/a:f5:big-ip_application_security_manager:15.1.1", "cpe:/a:f5:big-ip_local_traffic_manager:13.1.4", "cpe:/a:f5:big-ip_policy_enforcement_manager:13.1.4", "cpe:/a:f5:big-ip_domain_name_system:15.1.0", "cpe:/a:f5:big-ip_application_security_manager:12.1.5", "cpe:/a:f5:big-ip_fraud_protection_service:16.1.1", "cpe:/a:f5:big-ip_application_acceleration_manager:12.1.3", "cpe:/a:f5:big-ip_fraud_protection_service:11.6.5", "cpe:/a:f5:big-ip_analytics:15.1.0", "cpe:/a:f5:big-ip_fraud_protection_service:14.1.4", "cpe:/a:f5:big-ip_application_acceleration_manager:17.0.0", "cpe:/a:f5:big-ip_fraud_protection_service:12.1.0", "cpe:/a:f5:big-ip_application_acceleration_manager:15.1.5", "cpe:/a:f5:big-ip_local_traffic_manager:14.1.3", "cpe:/a:f5:big-ip_access_policy_manager:16.1.0", "cpe:/a:f5:big-ip_access_policy_manager:13.1.0", "cpe:/a:f5:big-ip_access_policy_manager:11.6.3", "cpe:/a:f5:big-ip_access_policy_manager:12.1.2", "cpe:/a:f5:big-ip_access_policy_manager:15.1.5", "cpe:/a:f5:big-ip_fraud_protection_service:15.1.4", "cpe:/a:f5:big-ip_global_traffic_manager:15.1.5", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.6.4", "cpe:/a:f5:big-ip_domain_name_system:15.1.2", "cpe:/a:f5:big-ip_link_controller:15.1.3", "cpe:/a:f5:big-ip_advanced_firewall_manager:14.1.4", "cpe:/a:f5:big-ip_fraud_protection_service:11.6.1", "cpe:/a:f5:big-ip_application_security_manager:14.1.3", "cpe:/a:f5:big-ip_local_traffic_manager:11.6.5", "cpe:/a:f5:big-ip_fraud_protection_service:13.1.1", "cpe:/a:f5:big-ip_link_controller:13.1.0", "cpe:/a:f5:big-ip_fraud_protection_service:12.1.1", "cpe:/a:f5:big-ip_application_security_manager:13.1.4", "cpe:/a:f5:big-ip_fraud_protection_service:11.6.3", "cpe:/a:f5:big-ip_application_security_manager:13.1.3", "cpe:/a:f5:big-ip_local_traffic_manager:11.6.2", "cpe:/a:f5:big-ip_domain_name_system:16.1.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:14.1.2", "cpe:/a:f5:big-ip_domain_name_system:11.6.5", "cpe:/a:f5:big-ip_domain_name_system:15.1.4", "cpe:/a:f5:big-ip_analytics:13.1.5", "cpe:/a:f5:big-ip_domain_name_system:14.1.0", "cpe:/a:f5:big-ip_fraud_protection_service:14.1.0", "cpe:/a:f5:big-ip_application_security_manager:11.6.5", "cpe:/a:f5:big-ip_fraud_protection_service:13.1.5", "cpe:/a:f5:big-ip_fraud_protection_service:12.1.3", "cpe:/a:f5:big-ip_domain_name_system:16.1.1", "cpe:/a:f5:big-ip_domain_name_system:13.1.1", "cpe:/a:f5:big-ip_domain_name_system:11.6.4", "cpe:/a:f5:big-ip_application_acceleration_manager:12.1.6", "cpe:/a:f5:big-ip_domain_name_system:16.1.2", "cpe:/a:f5:big-ip_fraud_protection_service:16.1.0", "cpe:/a:f5:big-ip_fraud_protection_service:13.1.3", "cpe:/a:f5:big-ip_local_traffic_manager:11.6.3", "cpe:/a:f5:big-ip_advanced_firewall_manager:15.1.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:14.1.4", "cpe:/a:f5:big-ip_application_security_manager:16.1.0", "cpe:/a:f5:big-ip_local_traffic_manager:15.1.4", "cpe:/a:f5:big-ip_application_acceleration_manager:14.1.0", "cpe:/a:f5:big-ip_application_security_manager:12.1.1", "cpe:/a:f5:big-ip_analytics:17.0.0", "cpe:/a:f5:big-ip_application_security_manager:12.1.0", "cpe:/a:f5:big-ip_fraud_protection_service:12.1.5", "cpe:/a:f5:big-ip_fraud_protection_service:16.1.2", "cpe:/a:f5:big-ip_application_security_manager:11.6.2", "cpe:/a:f5:big-ip_analytics:12.1.5", "cpe:/a:f5:big-ip_application_acceleration_manager:12.1.2", "cpe:/a:f5:big-ip_advanced_firewall_manager:13.1.3", "cpe:/a:f5:big-ip_global_traffic_manager:11.6.2", "cpe:/a:f5:big-ip_fraud_protection_service:15.1.3", "cpe:/a:f5:big-ip_link_controller:13.1.5", "cpe:/a:f5:big-ip_application_acceleration_manager:15.1.1", "cpe:/a:f5:big-ip_analytics:16.1.2", "cpe:/a:f5:big-ip_link_controller:15.1.4", "cpe:/a:f5:big-ip_local_traffic_manager:16.1.1", "cpe:/a:f5:big-ip_link_controller:15.1.5", "cpe:/a:f5:big-ip_application_acceleration_manager:11.6.4", "cpe:/a:f5:big-ip_local_traffic_manager:14.1.4", "cpe:/a:f5:big-ip_local_traffic_manager:12.1.4", "cpe:/a:f5:big-ip_application_acceleration_manager:12.1.0", "cpe:/a:f5:big-ip_analytics:12.1.4", "cpe:/a:f5:big-ip_policy_enforcement_manager:12.1.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:16.1.0", "cpe:/a:f5:big-ip_advanced_firewall_manager:17.0.0", "cpe:/a:f5:big-ip_application_security_manager:12.1.6", "cpe:/a:f5:big-ip_application_acceleration_manager:13.1.4", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.6.3", "cpe:/a:f5:big-ip_local_traffic_manager:16.1.0", "cpe:/a:f5:big-ip_link_controller:12.1.5", "cpe:/a:f5:big-ip_domain_name_system:15.1.3", "cpe:/a:f5:big-ip_analytics:12.1.3", "cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.4", "cpe:/a:f5:big-ip_access_policy_manager:14.1.0", "cpe:/a:f5:big-ip_global_traffic_manager:12.1.2", "cpe:/a:f5:big-ip_analytics:14.1.4", "cpe:/a:f5:big-ip_advanced_firewall_manager:14.1.0", "cpe:/a:f5:big-ip_local_traffic_manager:12.1.6", "cpe:/a:f5:big-ip_global_traffic_manager:17.0.0", "cpe:/a:f5:big-ip_application_security_manager:13.1.1", "cpe:/a:f5:big-ip_access_policy_manager:11.6.2", "cpe:/a:f5:big-ip_link_controller:12.1.0", "cpe:/a:f5:big-ip_fraud_protection_service:11.6.2", "cpe:/a:f5:big-ip_advanced_firewall_manager:13.1.1", "cpe:/a:f5:big-ip_link_controller:14.1.4", "cpe:/a:f5:big-ip_link_controller:12.1.4", "cpe:/a:f5:big-ip_application_security_manager:11.6.1", "cpe:/a:f5:big-ip_analytics:11.6.5", "cpe:/a:f5:big-ip_policy_enforcement_manager:13.1.0", "cpe:/a:f5:big-ip_link_controller:11.6.5", "cpe:/a:f5:big-ip_domain_name_system:15.1.1", "cpe:/a:f5:big-ip_access_policy_manager:11.6.1", "cpe:/a:f5:big-ip_fraud_protection_service:15.1.5", "cpe:/a:f5:big-ip_application_security_manager:12.1.4", "cpe:/a:f5:big-ip_access_policy_manager:15.1.4", "cpe:/a:f5:big-ip_advanced_firewall_manager:13.1.5", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.6.5", "cpe:/a:f5:big-ip_application_acceleration_manager:15.1.2", "cpe:/a:f5:big-ip_global_traffic_manager:13.1.1", "cpe:/a:f5:big-ip_domain_name_system:11.6.2", "cpe:/a:f5:big-ip_global_traffic_manager:15.1.2", "cpe:/a:f5:big-ip_link_controller:11.6.2", "cpe:/a:f5:big-ip_domain_name_system:13.1.4", "cpe:/a:f5:big-ip_analytics:12.1.2", "cpe:/a:f5:big-ip_analytics:15.1.2", "cpe:/a:f5:big-ip_application_security_manager:11.6.4", "cpe:/a:f5:big-ip_domain_name_system:13.1.0", "cpe:/a:f5:big-ip_application_security_manager:14.1.2", "cpe:/a:f5:big-ip_fraud_protection_service:13.1.4", "cpe:/a:f5:big-ip_analytics:15.1.3", "cpe:/a:f5:big-ip_local_traffic_manager:12.1.3", "cpe:/a:f5:big-ip_domain_name_system:17.0.0", "cpe:/a:f5:big-ip_application_acceleration_manager:13.1.3", "cpe:/a:f5:big-ip_local_traffic_manager:11.6.1", "cpe:/a:f5:big-ip_application_acceleration_manager:11.6.1", "cpe:/a:f5:big-ip_link_controller:11.6.1", "cpe:/a:f5:big-ip_link_controller:13.1.4", "cpe:/a:f5:big-ip_analytics:16.1.0", "cpe:/a:f5:big-ip_application_security_manager:15.1.4", "cpe:/a:f5:big-ip_analytics:13.1.3", "cpe:/a:f5:big-ip_global_traffic_manager:14.1.3", "cpe:/a:f5:big-ip_fraud_protection_service:12.1.6", "cpe:/a:f5:big-ip_application_security_manager:15.1.0", "cpe:/a:f5:big-ip_analytics:14.1.0", "cpe:/a:f5:big-ip_analytics:13.1.1", "cpe:/a:f5:big-ip_advanced_firewall_manager:15.1.1", "cpe:/a:f5:big-ip_global_traffic_manager:11.6.4", "cpe:/a:f5:big-ip_advanced_firewall_manager:15.1.3", "cpe:/a:f5:big-ip_link_controller:12.1.3", "cpe:/a:f5:big-ip_policy_enforcement_manager:13.1.1", "cpe:/a:f5:big-ip_fraud_protection_service:17.0.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:12.1.3", "cpe:/a:f5:big-ip_advanced_firewall_manager:13.1.4", "cpe:/a:f5:big-ip_policy_enforcement_manager:12.1.6", "cpe:/a:f5:big-ip_link_controller:14.1.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:15.1.2", "cpe:/a:f5:big-ip_application_acceleration_manager:11.6.2", "cpe:/a:f5:big-ip_domain_name_system:12.1.3", "cpe:/a:f5:big-ip_advanced_firewall_manager:16.1.1", "cpe:/a:f5:big-ip_link_controller:11.6.4", "cpe:/a:f5:big-ip_global_traffic_manager:14.1.4", "cpe:/a:f5:big-ip_analytics:14.1.2", "cpe:/a:f5:big-ip_link_controller:12.1.6", "cpe:/a:f5:big-ip_analytics:11.6.2", "cpe:/a:f5:big-ip_access_policy_manager:16.1.2", "cpe:/a:f5:big-ip_policy_enforcement_manager:12.1.2", "cpe:/a:f5:big-ip_access_policy_manager:14.1.4", "cpe:/a:f5:big-ip_analytics:14.1.3", "cpe:/a:f5:big-ip_local_traffic_manager:14.1.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:14.1.3", "cpe:/a:f5:big-ip_link_controller:11.6.3", "cpe:/a:f5:big-ip_fraud_protection_service:13.1.0", "cpe:/a:f5:big-ip_fraud_protection_service:15.1.2", "cpe:/a:f5:big-ip_link_controller:14.1.3", "cpe:/a:f5:big-ip_link_controller:13.1.3", "cpe:/a:f5:big-ip_local_traffic_manager:17.0.0", "cpe:/a:f5:big-ip_analytics:12.1.0", "cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.5", "cpe:/a:f5:big-ip_advanced_firewall_manager:11.6.2", "cpe:/a:f5:big-ip_analytics:15.1.5", "cpe:/a:f5:big-ip_application_security_manager:16.1.1", "cpe:/a:f5:big-ip_local_traffic_manager:14.1.2", "cpe:/a:f5:big-ip_analytics:13.1.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:15.1.3", "cpe:/a:f5:big-ip_local_traffic_manager:13.1.5", "cpe:/a:f5:big-ip_local_traffic_manager:12.1.0", "cpe:/a:f5:big-ip_access_policy_manager:13.1.3", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.6.2", "cpe:/a:f5:big-ip_access_policy_manager:12.1.0", "cpe:/a:f5:big-ip_domain_name_system:12.1.6", "cpe:/a:f5:big-ip_policy_enforcement_manager:14.1.0", "cpe:/a:f5:big-ip_access_policy_manager:14.1.3", "cpe:/a:f5:big-ip_application_security_manager:15.1.5", "cpe:/a:f5:big-ip_advanced_firewall_manager:13.1.0", "cpe:/a:f5:big-ip_advanced_firewall_manager:16.1.2", "cpe:/a:f5:big-ip_fraud_protection_service:15.1.1", "cpe:/a:f5:big-ip_domain_name_system:12.1.0", "cpe:/a:f5:big-ip_local_traffic_manager:13.1.3", "cpe:/a:f5:big-ip_global_traffic_manager:12.1.1", "cpe:/a:f5:big-ip_policy_enforcement_manager:12.1.5", "cpe:/a:f5:big-ip_access_policy_manager:13.1.4", "cpe:/a:f5:big-ip_link_controller:12.1.1", "cpe:/a:f5:big-ip_global_traffic_manager:16.1.2", "cpe:/a:f5:big-ip_global_traffic_manager:16.1.1", "cpe:/a:f5:big-ip_access_policy_manager:17.0.0", "cpe:/a:f5:big-ip_global_traffic_manager:11.6.5", "cpe:/a:f5:big-ip_global_traffic_manager:15.1.4", "cpe:/a:f5:big-ip_application_security_manager:13.1.5", "cpe:/a:f5:big-ip_domain_name_system:13.1.3", "cpe:/a:f5:big-ip_application_acceleration_manager:15.1.4", "cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.2", "cpe:/a:f5:big-ip_domain_name_system:12.1.1", "cpe:/a:f5:big-ip_link_controller:15.1.1", "cpe:/a:f5:big-ip_global_traffic_manager:15.1.3", "cpe:/a:f5:big-ip_global_traffic_manager:12.1.5", "cpe:/a:f5:big-ip_advanced_firewall_manager:11.6.4", "cpe:/a:f5:big-ip_local_traffic_manager:15.1.5", "cpe:/a:f5:big-ip_global_traffic_manager:13.1.3", "cpe:/a:f5:big-ip_access_policy_manager:13.1.1", "cpe:/a:f5:big-ip_access_policy_manager:12.1.3", "cpe:/a:f5:big-ip_analytics:12.1.1", "cpe:/a:f5:big-ip_advanced_firewall_manager:15.1.2", "cpe:/a:f5:big-ip_application_acceleration_manager:16.1.2", "cpe:/a:f5:big-ip_application_security_manager:13.1.0", "cpe:/a:f5:big-ip_local_traffic_manager:11.6.4", "cpe:/a:f5:big-ip_global_traffic_manager:14.1.2", "cpe:/a:f5:big-ip_domain_name_system:12.1.5", "cpe:/a:f5:big-ip_policy_enforcement_manager:16.1.1", "cpe:/a:f5:big-ip_fraud_protection_service:15.1.0", "cpe:/a:f5:big-ip_fraud_protection_service:12.1.2", "cpe:/a:f5:big-ip_local_traffic_manager:13.1.0", "cpe:/a:f5:big-ip_advanced_firewall_manager:15.1.5", "cpe:/a:f5:big-ip_global_traffic_manager:12.1.6", "cpe:/a:f5:big-ip_global_traffic_manager:12.1.3", "cpe:/a:f5:big-ip_application_acceleration_manager:16.1.0", "cpe:/a:f5:big-ip_application_security_manager:14.1.4", "cpe:/a:f5:big-ip_analytics:15.1.1", "cpe:/a:f5:big-ip_domain_name_system:13.1.5", "cpe:/a:f5:big-ip_local_traffic_manager:13.1.1", "cpe:/a:f5:big-ip_access_policy_manager:12.1.6", "cpe:/a:f5:big-ip_access_policy_manager:15.1.1", "cpe:/a:f5:big-ip_local_traffic_manager:15.1.2", "cpe:/a:f5:big-ip_access_policy_manager:16.1.1", "cpe:/a:f5:big-ip_local_traffic_manager:15.1.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.6.1", "cpe:/a:f5:big-ip_domain_name_system:12.1.4", "cpe:/a:f5:big-ip_application_acceleration_manager:14.1.2", "cpe:/a:f5:big-ip_application_acceleration_manager:16.1.1", "cpe:/a:f5:big-ip_global_traffic_manager:14.1.0", "cpe:/a:f5:big-ip_application_acceleration_manager:13.1.0", "cpe:/a:f5:big-ip_access_policy_manager:15.1.3", "cpe:/a:f5:big-ip_policy_enforcement_manager:15.1.1", "cpe:/a:f5:big-ip_application_acceleration_manager:14.1.3", "cpe:/a:f5:big-ip_global_traffic_manager:13.1.0", "cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.1", "cpe:/a:f5:big-ip_local_traffic_manager:15.1.1", "cpe:/a:f5:big-ip_link_controller:15.1.2", "cpe:/a:f5:big-ip_local_traffic_manager:15.1.3", "cpe:/a:f5:big-ip_link_controller:17.0.0", "cpe:/a:f5:big-ip_analytics:11.6.1", "cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.0", "cpe:/a:f5:big-ip_global_traffic_manager:12.1.0", "cpe:/a:f5:big-ip_domain_name_system:11.6.3", "cpe:/a:f5:big-ip_advanced_firewall_manager:14.1.2", "cpe:/a:f5:big-ip_application_security_manager:12.1.2", "cpe:/a:f5:big-ip_application_security_manager:17.0.0", "cpe:/a:f5:big-ip_application_acceleration_manager:14.1.4", "cpe:/a:f5:big-ip_analytics:11.6.3", "cpe:/a:f5:big-ip_application_acceleration_manager:15.1.0", "cpe:/a:f5:big-ip_application_security_manager:12.1.3", "cpe:/a:f5:big-ip_policy_enforcement_manager:13.1.5", "cpe:/a:f5:big-ip_policy_enforcement_manager:16.1.2", "cpe:/a:f5:big-ip_domain_name_system:15.1.5", "cpe:/a:f5:big-ip_analytics:11.6.4", "cpe:/a:f5:big-ip_access_policy_manager:12.1.5", "cpe:/a:f5:big-ip_analytics:15.1.4", "cpe:/a:f5:big-ip_link_controller:14.1.2", "cpe:/a:f5:big-ip_link_controller:16.1.0", "cpe:/a:f5:big-ip_local_traffic_manager:12.1.1", "cpe:/a:f5:big-ip_application_security_manager:16.1.2", "cpe:/a:f5:big-ip_access_policy_manager:15.1.2", "cpe:/a:f5:big-ip_access_policy_manager:14.1.2", "cpe:/a:f5:big-ip_link_controller:15.1.0", "cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.6", "cpe:/a:f5:big-ip_advanced_firewall_manager:16.1.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:12.1.1", "cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.3", "cpe:/a:f5:big-ip_advanced_firewall_manager:15.1.4", "cpe:/a:f5:big-ip_advanced_firewall_manager:11.6.3", "cpe:/a:f5:big-ip_local_traffic_manager:16.1.2", "cpe:/a:f5:big-ip_application_acceleration_manager:13.1.5", "cpe:/a:f5:big-ip_policy_enforcement_manager:15.1.0", "cpe:/a:f5:big-ip_access_policy_manager:12.1.1", "cpe:/a:f5:big-ip_policy_enforcement_manager:13.1.3", "cpe:/a:f5:big-ip_global_traffic_manager:12.1.4", "cpe:/a:f5:big-ip_global_traffic_manager:16.1.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:17.0.0", "cpe:/a:f5:big-ip_application_acceleration_manager:15.1.3", "cpe:/a:f5:big-ip_access_policy_manager:15.1.0", "cpe:/a:f5:big-ip_link_controller:16.1.2", "cpe:/a:f5:big-ip_analytics:12.1.6", "cpe:/a:f5:big-ip_global_traffic_manager:13.1.4", "cpe:/a:f5:big-ip_application_security_manager:14.1.0", "cpe:/a:f5:big-ip_link_controller:13.1.1", "cpe:/a:f5:big-ip_domain_name_system:11.6.1", "cpe:/a:f5:big-ip_fraud_protection_service:14.1.3", "cpe:/a:f5:big-ip_global_traffic_manager:13.1.5", "cpe:/a:f5:big-ip_link_controller:12.1.2", "cpe:/a:f5:big-ip_access_policy_manager:11.6.4", "cpe:/a:f5:big-ip_access_policy_manager:11.6.5", "cpe:/a:f5:big-ip_analytics:16.1.1", "cpe:/a:f5:big-ip_analytics:13.1.4", "cpe:/a:f5:big-ip_domain_name_system:14.1.3", "cpe:/a:f5:big-ip_global_traffic_manager:11.6.1", "cpe:/a:f5:big-ip_domain_name_system:14.1.4"], "id": "CVE-2022-29474", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29474", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:f5:big-ip_link_controller:15.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:15.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:14.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:16.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:11.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:16.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:16.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:16.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:11.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:14.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:16.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:16.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:16.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:16.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:14.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:16.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:16.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:13.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:16.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:16.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:13.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:17.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:14.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:13.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:16.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:11.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:14.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:17.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:11.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:16.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:15.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:15.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:16.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:16.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:16.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:16.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:16.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:15.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:16.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:13.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:16.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:11.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:16.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:11.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:16.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:16.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:11.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:15.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:16.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:13.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:16.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:15.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:17.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:11.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:11.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:16.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:17.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:13.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:16.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:13.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:13.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:14.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:11.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:13.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:15.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:11.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:14.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:13.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:16.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:11.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:13.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:11.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:15.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:14.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:14.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:13.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:11.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:15.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:11.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:11.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:15.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:15.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:16.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.1:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2022-07-28T00:21:53", "description": "A directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. ([CVE-2022-29474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29474>))\n\nImpact\n\nAn authenticated attacker with at least guest role privileges may exploit this vulnerability by sending a crafted request to iControl SOAP. If the exploit is successful, an attacker can read **wsdl** files in the BIG-IP file system. There is no data plane exposure; this is a control plane issue only.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-05-04T11:56:00", "type": "f5", "title": "iControl SOAP vulnerability CVE-2022-29474", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29474"], "modified": "2022-07-28T00:06:00", "id": "F5:K59904248", "href": "https://support.f5.com/csp/article/K59904248", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-05-06T23:47:00", "description": "On May 4, 2022, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated security advisory.\n\nDistributed Cloud and Managed Services\n\nService | Status \n---|--- \nF5 Distributed Cloud Services | Does not affect or has been resolved \nSilverline | Does not affect or has been resolved \nThreat Stack | Does not affect or has been resolved \n \n * [Critical CVEs](<https://support.f5.com/csp/article/K55879220#critical>)\n * [High CVEs](<https://support.f5.com/csp/article/K55879220#high>)\n * [Medium CVEs](<https://support.f5.com/csp/article/K55879220#medium>)\n * [Low CVEs](<https://support.f5.com/csp/article/K55879220#low>)\n * [Security Exposures](<https://support.f5.com/csp/article/K55879220#exposure>)\n\nCritical CVEs\n\nSecurity Advisory (CVE) | CVSS score | Affected products | Affected versions1 | Fixes introduced in \n---|---|---|---|--- \n[K23605346: BIG-IP iControl REST vulnerability CVE-2022-1388](<https://support.f5.com/csp/article/K23605346>) | 9.8 | BIG-IP (all modules) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \n \n1F5 evaluates only software versions that have not yet reached the End of Technical Support (EoTS) phase of their lifecycle.\n\nHigh CVEs\n\nSecurity Advisory (CVE) | CVSS score | Affected products | Affected versions1 | Fixes introduced in \n---|---|---|---|--- \n[K52322100: Authenticated F5 BIG-IP Guided Configuration integrity check in Appliance mode vulnerability CVE-2022-25946](<https://support.f5.com/csp/article/K52322100>) | 8.7 - Appliance mode only | BIG-IP Guided Configuration | 3.0 - 8.0 | 9.0 \nBIG-IP (ASM, Advanced WAF, APM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0.8 - 13.1.5 | 17.0.0 \n[K68647001: Authenticated F5 BIG-IP Guided Configuration in Appliance mode vulnerability CVE-2022-27806](<https://support.f5.com/csp/article/K68647001>) | 8.7 - Appliance mode only | BIG-IP Guided Configuration | 3.0 - 8.0 | 9.0 \nBIG-IP (Advanced WAF, APM, ASM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0.8 - 13.1.5 | 17.0.0 \n[K70300233: BIG-IP TMUI XSS vulnerability CVE-2022-28707](<https://support.f5.com/csp/article/K70300233>) | 8.0 | BIG-IP (all modules) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n[K33552735: BIG-IP Edge Client for Windows vulnerability CVE-2022-29263](<https://support.f5.com/csp/article/K33552735>) | 7.8 | BIG-IP (APM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \nBIG-IP APM Clients | 7.1.8 - 7.2.1 | 7.2.2 \n7.2.1.5 \n[K81952114: Authenticated iControl REST in Appliance mode vulnerability CVE-2022-26415](<https://support.f5.com/csp/article/K81952114>) | 7.7 - Appliance mode only | BIG-IP (all modules) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \n[K23454411: DNS profile vulnerability CVE-2022-26372](<https://support.f5.com/csp/article/K23454411>) | 7.5 | BIG-IP (all modules) | 15.1.0 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 16.0.0 \n15.1.0.2 \n14.1.4.6 \n13.1.5 \n[K25451853: TMUI XSS vulnerability CVE-2022-28716](<https://support.f5.com/csp/article/K25451853>) | 7.5 | BIG-IP (AFM, CGNAT, PEM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \n[K16187341: BIG-IP ICAP profile vulnerability CVE-2022-27189](<https://support.f5.com/csp/article/K16187341>) | 7.5 | BIG-IP (all modules) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \n[K21317311: F5 BIG-IP Guided Configuration XSS vulnerability CVE-2022-27230](<https://support.f5.com/csp/article/K21317311>) | 7.5 | BIG-IP Guided Configuration | 3.0 - 8.0 | 9.0 \nBIG-IP (APM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0.8 - 13.1.5 | 17.0.0 \n[K37155600: BIG-IP RTSP profile vulnerability CVE-2022-28691](<https://support.f5.com/csp/article/K37155600>) | 7.5 | BIG-IP (all modules) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.4 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 | 17.0.0 \n16.1.2.2 \n15.1.5 \n14.1.4.6 \n13.1.5 \n[K14229426: BIG-IP SSL vulnerability CVE-2022-29491](<https://support.f5.com/csp/article/K14229426>) | 7.5 | BIG-IP (LTM, Advanced WAF, ASM, APM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.4 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.5 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.2.2 \n15.1.5 \n14.1.4.6 \n[K52340447: F5 ePVA vulnerability CVE-2022-28705](<https://support.f5.com/csp/article/K52340447>) | 7.5 | BIG-IP (all modules) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \n[K03442392: BIG-IP ASM and F5 Advanced WAF vulnerability CVE-2022-26890](<https://support.f5.com/csp/article/K03442392>) | 7.5 | BIG-IP (ASM, Advanced WAF, APM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.4 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 | 17.0.0 \n16.1.2.1 \n15.1.5 \n14.1.4.6 \n13.1.5 \n[K99123750: BIG-IP Stream profile vulnerability CVE-2022-28701](<https://support.f5.com/csp/article/K99123750>) | 7.5 | BIG-IP (all modules) | 16.1.0 - 16.1.2 | 17.0.0 \n16.1.2.2 \n[K41440465: BIG-IP TMM vulnerability CVE-2022-26071](<https://support.f5.com/csp/article/K41440465>) | 7.4 | BIG-IP (all modules) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \n[K54460845: BIG-IP Edge Client for Windows vulnerability CVE-2022-28714](<https://support.f5.com/csp/article/K54460845>) | 7.3 | BIG-IP (APM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \nBIG-IP APM Clients | 7.2.1 - 7.2.1 \n7.1.6 - 7.1.9 | 7.2.2 \n7.2.1.5 \n[K08510472: BIG-IP TMUI vulnerability CVE-2022-28695](<https://support.f5.com/csp/article/K08510472>) | 7.2 - Standard deployment mode | BIG-IP (AFM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \n9.1 - Appliance mode \n \n1F5 evaluates only software versions that have not yet reached the End of Technical Support (EoTS) phase of their lifecycle.\n\nMedium CVEs\n\nSecurity Advisory (CVE) | CVSS score | Affected products | Affected versions1 | Fixes introduced in \n---|---|---|---|--- \n[K92807525: TMUI XSS vulnerability CVE-2022-27878](<https://support.f5.com/csp/article/K92807525>) | 6.8 | BIG-IP Guided Configuration | 6.0 - 8.0 | 9.0 \nBIG-IP (all modules) | 16.0.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0.4 - 13.1.5 | 17.0.0 \n[K94093538: NGINX Service Mesh control plane vulnerability CVE-2022-27495](<https://support.f5.com/csp/article/K94093538>) | 6.5 | NGINX Service Mesh | 1.3.0 - 1.3.1 | 1.4.0 \n[K57555833: BIG-IP APM vulnerability CVE-2022-27634](<https://support.f5.com/csp/article/K57555833>) | 6.5 | BIG-IP (APM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n[K47662005: BIG-IP Net HSM script vulnerability CVE-2022-28859](<https://support.f5.com/csp/article/K47662005>) | 6.5 | BIG-IP (all modules) | 16.0.0 - 16.0.1 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 | 17.0.0 \n16.1.0 \n15.1.5.1 \n14.1.4.6 \n[K06323049: BIG-IP IPsec ALG vulnerability CVE-2022-29473](<https://support.f5.com/csp/article/K06323049>) | 5.9 | BIG-IP (all modules) | 15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 | 16.1.0 \n15.1.5.1 \n14.1.4.5 \n13.1.5 \n[K51539421: BIG-IP SIP ALG profile vulnerability CVE-2022-26370](<https://support.f5.com/csp/article/K51539421>) | 5.9 | BIG-IP (all modules) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.4 \n14.1.0 - 14.1.4 | 17.0.0 \n16.1.2.2 \n15.1.5 \n14.1.4.6 \n[K54082580: BIG-IP CGNAT LSN vulnerability CVE-2022-26517](<https://support.f5.com/csp/article/K54082580>) | 5.9 | BIG-IP (all modules) | 16.0.0 - 16.0.1 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 | 17.0.0 \n16.1.0 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \n[K03755971: BIG-IP DNS resolver vulnerability CVE-2022-28706](<https://support.f5.com/csp/article/K03755971>) | 5.9 | BIG-IP (all modules) | 16.0.0 - 16.1.1 \n15.1.0 - 15.1.5 | 17.0.0 \n16.1.2 \n15.1.5.1 \n[K85054496: BIG-IP DNS resolver vulnerability CVE-2022-28708](<https://support.f5.com/csp/article/K85054496>) | 5.9 | BIG-IP (all modules) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n[K40019131: F5 Access for Android vulnerability CVE-2022-27875](<https://support.f5.com/csp/article/K40019131>) | 5.5 | F5 Access for Android | 3.0.6 - 3.0.7 | 3.0.8 \n[K57110035: BIG-IP APM Edge client for Windows logging vulnerability CVE-2022-27636](<https://support.f5.com/csp/article/K57110035>) | 5.5 | BIG-IP (APM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \nBIG-IP APM Clients | 7.1.6 - 7.2.1 | 7.2.1.5 \n[K44233515: F5OS-A vulnerability CVE-2022-25990](<https://support.f5.com/csp/article/K44233515>) | 5.3 | F5OS-A | 1.0.0 | 1.0.1 \n[K82034427: BIG-IP FTP profile vulnerability CVE-2022-26130](<https://support.f5.com/csp/article/K82034427>) | 5.3 | BIG-IP (all modules) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \n[K71103363: BIG-IP big3d vulnerability CVE-2022-29480](<https://support.f5.com/csp/article/K71103363>) | 5.3 | BIG-IP (all modules) | 13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 14.0.0 \n13.1.5 \n[K64124988: TMM IPv6 stack vulnerability CVE-2022-29479](<https://support.f5.com/csp/article/K64124988>) | 5.3 | BIG-IP (all modules) | 16.0.0 - 16.0.1 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.0 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \nBIG-IQ Centralized Management | 8.0.0 - 8.2.0 \n7.0.0 - 7.1.0 | None \n[K31856317: BIG-IP Packet Filters vulnerability CVE-2022-27182](<https://support.f5.com/csp/article/K31856317>) | 5.3 | BIG-IP (all modules) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n[K93543114: BIG-IP APM vulnerability CVE-2022-27181](<https://support.f5.com/csp/article/K93543114>) | 5.3 | BIG-IP (APM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \n[K53197140: BIG-IP iControl REST and tmsh vulnerabilities CVE-2022-26835](<https://support.f5.com/csp/article/K53197140>) | 4.9 - Standard deployment mode | BIG-IP (all modules) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \n6.8 - Appliance mode \n[K38271531: BIG-IP and BIG-IQ SCP vulnerability CVE-2022-26340](<https://support.f5.com/csp/article/K38271531>) | 4.9 | BIG-IP (all modules) | 16.0.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \nBIG-IQ Centralized Management | 8.0.0 - 8.2.0 \n7.0.0 - 7.1.0 | None \n[K24248011: Traffix SDC Configuration utility vulnerability CVE-2022-27662](<https://support.f5.com/csp/article/K24248011>) | 4.8 | Traffix SDC | 5.2.0 \n5.1.0 | 5.2.2 \n5.1.35 \n[K17341495: Traffix SDC Configuration utility vulnerability CVE-2022-27880](<https://support.f5.com/csp/article/K17341495>) | 4.8 | Traffix SDC | 5.2.0 \n5.1.0 | 5.2.2 \n5.1.35 \n[K15101402: iControl REST vulnerability CVE-2022-1468](<https://support.f5.com/csp/article/K15101402>) | 4.3 | BIG-IP (all modules) | 17.0.0 \n16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.5 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | None \n[K41877405: BIG-IP TMUI vulnerability CVE-2022-27659](<https://support.f5.com/csp/article/K41877405>) | 4.3 | BIG-IP (all modules) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n[K59904248: iControl SOAP vulnerability CVE-2022-29474](<https://support.f5.com/csp/article/K59904248>) | 4.3 | BIG-IP (all modules) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \n \n1F5 evaluates only software versions that have not yet reached the End of Technical Support (EoTS) phase of their lifecycle.\n\nLow CVEs\n\nSecurity Advisory (CVE) | CVSS score | Affected products | Affected versions1 | Fixes introduced in \n---|---|---|---|--- \n[K49905324: BIG-IP TMUI CSRF vulnerability CVE-2022-1389](<https://support.f5.com/csp/article/K49905324>) | 3.1 | BIG-IP (all modules) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.5 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n \n1F5 evaluates only software versions that have not yet reached the End of Technical Support (EoTS) phase of their lifecycle.\n\nSecurity Exposures\n\nSecurity Advisory (Exposure) | Affected products | Affected versions1 | Fixes introduced in \n---|---|---|--- \n[K68816502: A BIG-IP LTM policy referencing an external data group may not match traffic](<https://support.f5.com/csp/article/K68816502>) | BIG-IP (all modules) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.5 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n[K74302282: BIG-IP APM RDP resource security exposure](<https://support.f5.com/csp/article/K74302282>) | BIG-IP (APM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \n[K70134152: BIG-IP ASM, F5 Advanced WAF, and NGINX App Protect encoded directory traversal security exposure](<https://support.f5.com/csp/article/K70134152>) | BIG-IP (Advanced WAF, ASM) | 16.1.0 \n15.1.0 - 15.1.3 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.1 \n15.1.4 \n14.1.4.4 \n13.1.5 \nNGINX App Protect | 3.0.0 - 3.6.0 \n2.0.0 - 2.3.0 \n1.0.0 - 1.3.0 | 3.7.0 \n[K80945213: BIG-IP ASM and F5 Advanced WAF attack signature check failure security exposure](<https://support.f5.com/csp/article/K80945213>) | BIG-IP (Advanced WAF, ASM) | 15.1.0 - 15.1.4 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 16.1.0 \n15.1.4.1 \n14.1.4.4 \n13.1.5 \n[K67397230: BIG-IP ASM, F5 Advanced WAF, and NGINX App Protect normalizing security exposure](<https://support.f5.com/csp/article/K67397230>) | BIG-IP (Advanced WAF, ASM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.4 \n14.1.0 - 14.1.4 | 17.0.0 \n16.1.2.1 \n15.1.5 \n14.1.4.6 \nNGINX App Protect | 3.0.0 - 3.6.0 \n2.0.0 - 2.3.0 \n1.0.0 - 1.3.0 | 3.7.0 \n[K53593534: BIG-IP ASM and F5 Advanced WAF attack signature check failure on certain HTTP requests](<https://support.f5.com/csp/article/K53593534>) | BIG-IP (Advanced WAF, ASM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \n[K39002226: F5 Advanced WAF and BIG-IP ASM multipart request security exposure](<https://support.f5.com/csp/article/K39002226>) | BIG-IP (Advanced WAF, ASM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \n[K94142349: BIG-IP Advanced WAF and ASM WebSocket security exposure](<https://support.f5.com/csp/article/K94142349>) | BIG-IP (Advanced WAF, ASM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \n[K85021277: BIG-IP DNSSEC security exposure](<https://support.f5.com/csp/article/K85021277>) | BIG-IP (DNS) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 \n13.1.0 - 13.1.4 \n12.1.0 - 12.1.6 \n11.6.1 - 11.6.5 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n13.1.5 \n[K92306170: BIG-IP AFM single endpoint flood/sweep DoS vector security exposure ](<https://support.f5.com/csp/article/K92306170>) | BIG-IP (AFM) | 16.1.0 - 16.1.2 \n15.1.0 - 15.1.5 \n14.1.0 - 14.1.4 | 17.0.0 \n16.1.2.2 \n15.1.5.1 \n14.1.4.6 \n \n1F5 evaluates only software versions that have not yet reached the End of Technical Support (EoTS) phase of their lifecycle.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-04T13:13:00", "type": "f5", "title": "Overview of F5 vulnerabilities (May 2022)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1388", "CVE-2022-1389", "CVE-2022-1468", "CVE-2022-25946", "CVE-2022-25990", "CVE-2022-26071", "CVE-2022-26130", "CVE-2022-26340", "CVE-2022-26370", "CVE-2022-26372", "CVE-2022-26415", "CVE-2022-26517", "CVE-2022-26835", "CVE-2022-26890", "CVE-2022-27181", "CVE-2022-27182", "CVE-2022-27189", "CVE-2022-27230", "CVE-2022-27495", "CVE-2022-27634", "CVE-2022-27636", "CVE-2022-27659", "CVE-2022-27662", "CVE-2022-27806", "CVE-2022-27875", "CVE-2022-27878", "CVE-2022-27880", "CVE-2022-28691", "CVE-2022-28695", "CVE-2022-28701", "CVE-2022-28705", "CVE-2022-28706", "CVE-2022-28707", "CVE-2022-28708", "CVE-2022-28714", "CVE-2022-28716", "CVE-2022-28859", "CVE-2022-29263", "CVE-2022-29473", "CVE-2022-29474", "CVE-2022-29479", "CVE-2022-29480", "CVE-2022-29491"], "modified": "2022-05-04T13:13:00", "id": "F5:K55879220", "href": "https://support.f5.com/csp/article/K55879220", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
F5 BIG-IP iControl SOAP directory traversal vulnerability
