106 matches found
CVE-2026-32673
A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a...
PT-2026-40650
Name of the Vulnerable Software and Affected Versions BIG-IP Virtual Edition VE affected versions not specified BIG-IP hardware platforms affected versions not specified Description Undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate when an SSL profile is configured...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the EOTS manager endpoints when these endpoints are accessible to the public without HMAC protection. An attacker can trigger unauthorized actions by sending crafted requests to the exposed RPC endpoints...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the EOTS manager endpoints when these endpoints are accessible to the public without HMAC protection. An attacker can trigger unauthorized actions by sending crafted requests to the exposed RPC endpoints...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the EOTS manager endpoints when these endpoints are accessible to the public without HMAC protection. An attacker can trigger unauthorized actions by sending crafted requests to the exposed RPC endpoints...
Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration
Summary The anti-slashing is not effective if the attacker can access EOTS manager endpoints. Impact If the EOTS manager endpoints are open to public without HMAC protection, the attacker can manually cause slashing of the finality provider through the RPC endpoints. Report credits go to:...
EUVD-2025-34626
When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-61960 BIG-IP APM portal access vulnerability
When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-59268 BIG-IP Configuration utility vulnerability
On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
GHSA-7MM3-VFG8-7RG6 Babylon Finality Provider `MsgCommitPubRandList` replay attack
Summary A high vulnerability exists in the Babylon protocol's x/finality module due to a lack of domain separation in signed messages, combined with insufficient validation in the MsgCommitPubRandList handler. Specifically, the handler does not enforce that the submitted Commitment field is 32...
Babylon Finality Provider `MsgCommitPubRandList` replay attack
Summary A high vulnerability exists in the Babylon protocol's x/finality module due to a lack of domain separation in signed messages, combined with insufficient validation in the MsgCommitPubRandList handler. Specifically, the handler does not enforce that the submitted Commitment field is 32...
CVE-2025-22846 BIG-IP SIP Vulnerability
When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-45844
BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-41164
When TCP profile with Multipath TCP enabled MPTCP is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-41723
Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-7347
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...
CVE-2024-41719 BIG-IP Next Central Manager vulnerability
When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager CM, F5 iHealth credentials will be logged in the BIG-IP Central Manager logs. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-39809 BIG-IP Next Central Manager vulnerability
The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-41719
CVE-2024-41719 affects BIG-IP Next Central Manager. When generating a QKView file of a BIG-IP Next instance from Central Manager, F5 iHealth credentials are logged in the BIG-IP Central Manager logs. The vulnerability is scoped to BIG-IP Next Central Manager (20.1.0–20.2.0 are listed as vulnerabl...
F5 Networks BIG-IP : BIG-IP Configuration utility XSS vulnerability (K000138636)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.4 / 16.1.4.3 / 17.1.1.3. It is, therefore, affected by a vulnerability as referenced in the K000138636 advisory. - A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP...