Lucene search
K

108 matches found

OSV
OSV
added 2022/05/05 5:15 p.m.3 views

CVE-2022-26890

On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Sessi...

7.5CVSS5.8AI score0.00868EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/05/04 2:0 p.m.10 views

CVE-2022-26890

On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Sessi...

7.5CVSS5.9AI score0.00868EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/25 8:15 p.m.6 views

CVE-2022-23026

On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource...

4.3CVSS5.8AI score0.00739EPSS
Exploits0References2
OSV
OSV
added 2022/01/25 8:15 p.m.8 views

CVE-2022-23026

On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource...

4.3CVSS5.8AI score0.00739EPSS
Exploits0References1
OSV
OSV
added 2021/09/14 9:15 p.m.3 views

CVE-2021-23030

On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software...

7.5CVSS7.3AI score0.00961EPSS
Exploits0References1
OSV
OSV
added 2021/09/14 7:15 p.m.0 views

CVE-2021-23031

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which...

9.9CVSS5.8AI score0.02072EPSS
Exploits0References1
OSV
OSV
added 2021/09/14 7:15 p.m.4 views

CVE-2021-23036

On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.5CVSS7.4AI score0.00933EPSS
Exploits0References1
OSV
OSV
added 2021/09/14 6:15 p.m.3 views

CVE-2021-23033

On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software version...

7.5CVSS5.8AI score0.00933EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/08/24 12:0 a.m.4 views

F5 BIG-IP 操作系统命令注入漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An unspecified vulnerability exists in the F5 BIG-IP Advanced WAF and ASM TMUI, which, when cracked, allows an authenticated...

9.9CVSS6.1AI score0.02072EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/08/24 12:0 a.m.18 views

F5 BIG-IP 资源管理错误漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG-IP Advanced WAF and ASM MySQL database denial of service vulnerability is associated with a policy on Virtul Serve...

5.3CVSS5.6AI score0.00919EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/08/24 12:0 a.m.6 views

F5 BIG-IP 输入验证错误漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP Advanced WAF and ASM WebSocket, which originates from the BIG-IP...

7.5CVSS5.8AI score0.00933EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/04/29 12:0 a.m.5 views

F5 BIG-IP ASM 输入验证错误漏洞

F5 BIG-IP ASM is a Web Application Firewall WAF from F5 USA that provides secure remote access, protects email, and simplifies Web access control while enhancing network and application performance. An input validation error vulnerability exists in BIG-IP ASM that stems from insufficient...

7.5CVSS7.3AI score0.00961EPSS
Exploits0References4
OSV
OSV
added 2021/03/31 6:15 p.m.3 views

CVE-2021-23001

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a ca...

4.3CVSS5.8AI score0.00572EPSS
Exploits0References1
OSV
OSV
added 2021/03/31 6:15 p.m.4 views

CVE-2021-22993

On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development EoSD are no...

8.8CVSS7.3AI score0.00921EPSS
Exploits0References1
OSV
OSV
added 2021/03/31 5:15 p.m.4 views

CVE-2021-22990

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface TMUI, also referred to as the...

7.2CVSS7.2AI score0.08838EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2021/03/30 12:0 a.m.5 views

The vulnerability of the Advanced WAF/ASM TMUI application protection component of BIG-IP allows attackers to execute arbitrary commands, modify, or delete files.

The vulnerability of the Advanced WAF/ASM TMUI application protection component in BIG-IP is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to execute arbitrary commands, modify or delete files remotely...

9.1CVSS8AI score0.08838EPSS
Exploits1References2Affected Software14
OSV
OSV
added 2021/02/12 8:15 p.m.5 views

CVE-2021-22984

On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM...

6.1CVSS7.3AI score0.00632EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/02/11 12:0 a.m.11 views

BIG-IP Advanced WAF and ASM Resource Management Error Vulnerability

F5 BIG-IP ASM is a Web Application Firewall WAF from F5 USA that provides secure remote access, protects email, and simplifies Web access control while enhancing network and application performance. A resource management error vulnerability exists in BIG-IP Advanced WAF and ASM, which arises from...

7.5CVSS7.2AI score0.00961EPSS
Exploits0References4
OSV
OSV
added 2020/12/24 4:15 p.m.3 views

CVE-2020-27728

On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon AVRD may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices...

7.5CVSS7.1AI score0.01002EPSS
Exploits0References1
OSV
OSV
added 2020/12/24 3:15 p.m.3 views

CVE-2020-27718

When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process...

7.5CVSS7.1AI score0.01031EPSS
Exploits0References1
Rows per page
Query Builder