Lucene search
K

9 matches found

The Hacker News
The Hacker News
added 2026/03/28 7:7 a.m.8 views

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager APM to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-53521 CVSS v4...

9.8CVSS6.6AI score0.02246EPSS
Exploits0
OSV
OSV
added 2023/02/01 6:15 p.m.7 views

CVE-2023-22341

On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel TMM to terminate: An OAuth Server that references an OAuth Provider An OAuth profile with the...

7.5CVSS7.1AI score0.00626EPSS
Exploits0References1
OSV
OSV
added 2022/05/05 5:15 p.m.4 views

CVE-2022-27636

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive AP...

5.5CVSS5.5AI score0.00224EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/05/04 2:0 p.m.2 views

CVE-2022-27636

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive AP...

5.5CVSS5.9AI score0.00224EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/05/04 2:0 p.m.7 views

CVE-2022-28714

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in...

7.8CVSS7.1AI score0.00288EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2020/04/30 9:15 p.m.3 views

CVE-2020-5889

On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client...

5.4CVSS6.1AI score0.0072EPSS
Exploits0References1
OSV
OSV
added 2020/01/14 5:15 p.m.6 views

CVE-2020-5853

In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict...

5.4CVSS6.1AI score0.00521EPSS
Exploits0References1
OSV
OSV
added 2019/12/23 6:15 p.m.4 views

CVE-2019-19150

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled...

4.9CVSS5.8AI score0.00828EPSS
Exploits0References1
OSV
OSV
added 2018/09/13 2:29 p.m.5 views

CVE-2018-15310

A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages...

4.3CVSS5.8AI score0.00873EPSS
Exploits0References1
Rows per page
Query Builder