7.4AI Score
An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached...
6.8CVSS
7.2AI Score
0.0004EPSS
Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker's control. ....
6.5CVSS
7.3AI Score
0.0004EPSS
When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not...
7.5CVSS
7.1AI Score
0.0004EPSS
A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not...
6.1CVSS
6AI Score
0.0004EPSS
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not...
8CVSS
5.8AI Score
0.0004EPSS
When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical...
5.9CVSS
7.3AI Score
0.0004EPSS
Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not...
4.4CVSS
6.8AI Score
0.0004EPSS
BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not...
7.4CVSS
7.3AI Score
0.0004EPSS
An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not...
7.4CVSS
7.2AI Score
0.0004EPSS
A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not...
4.7CVSS
6AI Score
0.0004EPSS
An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not...
7.5CVSS
8.3AI Score
0.0004EPSS
When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not...
7.5CVSS
7.1AI Score
0.0004EPSS
An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not...
7.5CVSS
7.5AI Score
0.0004EPSS
CVE-2024-32761 BIG-IP TMM tenants on VELOS and rSeries vulnerability
Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker's control. ....
6.5AI Score
0.0004EPSS
CVE-2024-33612 BIG-IP Next Central Manager vulnerability
An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached...
6.4AI Score
0.0004EPSS
CVE-2024-26026 BIG-IP Central Manager SQL Injection
An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not...
7.4AI Score
0.0004EPSS
CVE-2024-21793 BIG-IP Central Manager OData Injection Vulnerability
An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not...
7.1AI Score
0.0004EPSS
CVE-2024-33604 BIG-IP Configuration utility XSS vulnerability
A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not...
5.5AI Score
0.0004EPSS
CVE-2024-31156 BIG-IP Configuration utility XSS vulnerability
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not...
5.3AI Score
0.0004EPSS
CVE-2024-28132 BIG-IP NEXT CNF vulnerability
Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not...
6AI Score
0.0004EPSS
CVE-2024-27202 BIG-IP TMUI XSS vulnerability
A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not...
5.5AI Score
0.0004EPSS
CVE-2024-28889 BIG-IP SSL vulnerability
When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical...
6.5AI Score
0.0004EPSS
CVE-2024-32049 BIG-IP Next Central Manager vulnerability
BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not...
6.7AI Score
0.0004EPSS
CVE-2024-25560 TMM Vulnerability
When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not...
6.5AI Score
0.0004EPSS
CVE-2024-33608 BIG-IP IPsec vulnerability
When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not...
6.5AI Score
0.0004EPSS
CVE-2024-28883 BIG-IP APM browser network access VPN client vulnerability
An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not...
6.4AI Score
0.0004EPSS
Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. From high-profile breaches in healthcare and industrial sectors – compromising huge volumes of sensitive data or halting production entirely –...
8.5AI Score
K11342432 : BIG-IP HTTP non-RFC-compliant security exposure
Security Advisory Description This issue occurs when a non-RFC-compliant HTTP request is received by a virtual server on a system matching one of the following conditions: BIG-IP 15.1.0 and later version with a virtual server with an HTTP profile with Enforce RFC Compliance enabled. All supported.....
7.2AI Score
K000138744 : BIG-IP APM browser network access VPN client vulnerability CVE-2024-28883
Security Advisory Description An origin validation vulnerability exists in the BIG-IP APM browser network access VPN client, which may allow an attacker to bypass F5 endpoint inspection. (CVE-2024-28883) Impact A remote unauthenticated attacker with a man-in-the-middle (MITM) position may exploit.....
7.4CVSS
7.2AI Score
0.0004EPSS
F5 Networks BIG-IP : Apache httpd vulnerability (K000139447)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139447 advisory. HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious...
7.1AI Score
K000138913 : BIG-IP Next CNF vulnerability CVE-2024-28132
Security Advisory Description Exposure of a Sensitive Information vulnerability exists in the Global Server Load Balancing (GSLB) container, which may allow an authenticated attacker with administrator role privileges to view sensitive information. (CVE-2024-28132) Impact An authenticated attacker....
4.4CVSS
6.7AI Score
0.0004EPSS
K000139012 : BIG-IP Next Central Manager vulnerability CVE-2024-33612
Security Advisory Description An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary....
6.8CVSS
6.7AI Score
0.0004EPSS
K000138636 : BIG-IP Configuration utility XSS vulnerability CVE-2024-31156
Security Advisory Description A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. (CVE-2024-31156) Impact An authenticated attacker may exploit.....
8CVSS
5.3AI Score
0.0004EPSS
K000139447 : Apache httpd vulnerability CVE-2024-24795
Security Advisory Description HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this...
6.8AI Score
0.0004EPSS
Survey Maker < 4.1.0 - IP Address Spoofing
Description The Survey Maker – Best WordPress Survey Plugin plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 4.0.9 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it...
6.9AI Score
0.0004EPSS
K000132430 : The BIG-IP system may fail to block HTTP Request Smuggling attacks
Security Advisory Description The BIG-IP system may fail to block non-RFC-compliant HTTP requests to the pool member, which may lead to an HTTP Request Smuggling attack. This issue occurs when all of the following conditions are met: A virtual server is associated with an HTTP profile. The BIG-IP.....
7.3AI Score
K000138520 : BIG-IP Configuration utility vulnerability CVE-2024-27202
Security Advisory Description A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. (CVE-2024-27202) Impact An attacker may exploit this...
4.7CVSS
5.6AI Score
0.0004EPSS
Site Reviews < 7.0.0 - IP Spoofing
Description The plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based...
6.7AI Score
K000138733 : BIG-IP Next Central Manager SQL Injection vulnerability CVE-2024-26026
Security Advisory Description An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). (CVE-2024-26026) Impact An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP Next Central Manager API...
7.5CVSS
8.4AI Score
0.0004EPSS
K000138912 : BIG-IP SSL vulnerability CVE-2024-28889
Security Advisory Description When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-28889) Impact Traffic.....
5.9CVSS
7.1AI Score
0.0004EPSS
K000138634 : BIG-IP Next Central Manager vulnerability CVE-2024-32049
Security Advisory Description BIG-IP Next Central Manager may allow an unauthenticated, remote attacker to obtain BIG-IP Next LTM/WAF instance credentials. (CVE-2024-32049) Impact This vulnerability may allow an unauthenticated attacker in a man-in-the-middle (MITM) position between a BIG-IP Next.....
7.4CVSS
7.2AI Score
0.0004EPSS
Oracle Linux 9 : gnutls (ELSA-2024-2570)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2570 advisory. A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...
6.3AI Score
K000138894 : BIG-IP Configuration utility XSS vulnerability CVE-2024-33604
Security Advisory Description A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. (CVE-2024-33604) Impact An attacker may exploit this...
6.1CVSS
5.6AI Score
0.0004EPSS
Security Advisory Description BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, or NGINX App Protect WAF may fail to match an attack signature. This issue occurs when all of the following conditions are met: The affected security policy has a large number of attack signatures enabled (for example, all or.....
7.1AI Score
K000139404 : Quarterly Security Notification (May 2024)
Security Advisory Description On May 8, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...
6.9AI Score
0.0004EPSS
GLSA-202405-29 : Node.js: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202405-29 (Node.js: Multiple Vulnerabilities) The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. (CVE-2020-7774) A flaw was found in c-ares library, where a missing input validation check of...
9.4AI Score
K000139217 : BIG-IP TMM tenants on VELOS and rSeries vulnerability CVE-2024-32761
Security Advisory Description Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is.....
6.5CVSS
6.8AI Score
0.0004EPSS
K000139037: TMM vulnerability CVE-2024-25560
Security Advisory Description When BIG-IP AFM is licensed and provisioned, and a DNS profile is applied to a virtual server, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-25560) Impact Traffic is disrupted while the TMM process restarts. This...
7.5AI Score
0.0004EPSS
Site Reviews < 7.0.0 - IP Spoofing
Description The plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking PoC Request sent to the server to add review: POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8888...
6.5AI Score