20 matches found

RedhatCVE
added 2026/01/09 11:20 a.m. | 8 views

CVE-2021-22993

On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development EoSD are no...

8.8 CVSS | 6.1 AI score | 0.00822 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:55 a.m. | 9 views

CVE-2022-23028

On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when global AFM SYN cookie protection TCP Half Open flood vector is activated in the AFM Device Dos or DOS profile, certain types of TCP connections will fail. Note: Software versio...

5.3 CVSS | 6.9 AI score | 0.00591 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-10111

Malware in sbrugna...

8.8 CVSS | 8.5 AI score | 0.00822 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-19377

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00362 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-21258

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00308 EPSS
Exploits: 0 | References: 1

NVD
added 2024/02/14 5:15 p.m. | 16 views

CVE-2024-23805

Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables...

7.5 CVSS | 7.4 AI score | 0.00308 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/14 5:15 p.m. | 28 views

Default configuration

Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables...

5 CVSS | 6.8 AI score | 0.00308 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/14 5:15 p.m. | 15 views

Default credentials

When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel TMM to terminate. NOTE: Software versions which have reached End of Technical Support EoTS are not evaluated...

5 CVSS | 7.1 AI score | 0.00362 EPSS
Exploits: 0 | References: 1

CVE
added 2024/02/14 4:30 p.m. | 68 views

CVE-2024-21763

CVE-2024-21763 affects BIG-IP AFM (part of BIG-IP) where when DoS or a DoS profile is configured with NXDOMAIN attack vectors and bad-actor detection, undisclosed queries can trigger a crash of the Traffic Management Microkernel (TMM), causing a DoS condition. The primary published details indica...

7.5 CVSS | 7.6 AI score | 0.00362 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/02/14 4:30 p.m. | 20 views

CVE-2024-23805 F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability

Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables...

7.5 CVSS | 7.6 AI score | 0.00308 EPSS
Exploits: 0 | References: 1

F5 Networks
added 2023/02/21 7:57 p.m. | 48 views

K55237223: BIG-IP Advanced WAF and ASM XSS vulnerability CVE-2021-22993

Security Advisory Description DOM-based XSS on DoS Profile properties page. CVE-2021-22993 Impact An attacker can inject a malicious script into the BIG-IP Advanced WAF and ASM Configuration utility and trick users into executing malicious code. Security Advisory Status F5 Product Development has...

8.8 CVSS | 6.3 AI score | 0.00822 EPSS
Exploits: 0 | Affected Software: 2

F5 Networks
added 2023/02/21 7:55 p.m. | 27 views

K23432927: The BIG-IP ASM system may redirect a client request to an incorrect URL

Security Advisory Description The BIG-IP ASM system may redirect a client request to an incorrect URL after the client browser passes the client-side integrity defense JavaScript challenge. This issue occurs when all of the following conditions are met: You have enabled the Client Side Integrity...

6.7 AI score
Exploits: 0

NVD
added 2021/03/31 6:15 p.m. | 18 views

CVE-2021-22993

On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development EoSD are no...

8.8 CVSS | 0.00822 EPSS
Exploits: 0 | References: 1

OSV
added 2021/03/31 6:15 p.m. | 2 views

CVE-2021-22993

On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development EoSD are no...

8.8 CVSS | 7.3 AI score | 0.00822 EPSS
Exploits: 0 | References: 1

Prion
added 2021/03/31 6:15 p.m. | 21 views

Design/Logic Flaw

On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development EoSD are no...

6.8 CVSS | 8.3 AI score | 0.00822 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2021/03/31 5:45 p.m. | 69 views

CVE-2021-22993

CVE-2021-22993 affects BIG-IP Advanced WAF and BIG-IP ASM. The vulnerability is a DOM-based XSS on the DoS Profile properties page in affected versions: 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3. The root cause is DOM-...

8.8 CVSS | 8.4 AI score | 0.00822 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2021/03/31 5:45 p.m. | 21 views

CVE-2021-22993

On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development EoSD are no...

8.6 AI score | 0.00822 EPSS
Exploits: 0 | References: 1

CVE
added 2021/02/12 7:21 p.m. | 98 views

CVE-2021-22984

CVE-2021-22984 affects F5 BIG-IP ASM/Advanced WAF Bot Defense open redirection. Affected: BIG-IP with Bot Defense or DoS profiles may redirect unauthenticated requests to a malicious URI, producing HTTP 307 redirects. Impact: potential phishing or credential theft through unexpected redirects. Af...

6.1 CVSS | 6.3 AI score | 0.00197 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

Tenable Nessus
added 2021/02/11 12:0 a.m. | 229 views

F5 Networks BIG-IP : BIG-IP ASM Bot Defense open redirection vulnerability (K33440533)

When receiving an unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense versions prior to 14.1.0, or a Bot Defense profile versions 14.1.0 and later, may subject clients and web servers to...

6.1 CVSS | 7.1 AI score | 0.00197 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2020/04/30 12:0 a.m. | 29 views

F5 Networks BIG-IP : BIG-IP DoS profile vulnerability (K88474783)

Under certain configurations, the BIG-IP system sends data plane traffic to back-end servers unencrypted, even when a Server SSL profile is applied. CVE-2020-5879 Impact The affected system sends some requests to the back-end server without encryption, possibly leaking sensitive data. The requests...

7.5 CVSS | 7.4 AI score | 0.00251 EPSS
Exploits: 0 | References: 2