Lucene search
K

106 matches found

Prion
Prion
added 2022/05/05 5:15 p.m.37 views

Cross site scripting

On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x 11.6.x, a DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM...

6.8CVSS7.7AI score0.00711EPSS
Exploits0References1Affected Software3
Prion
Prion
added 2022/05/05 5:15 p.m.17 views

Directory traversal

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell tmsh comman...

4CVSS5.3AI score0.01775EPSS
Exploits0References1Affected Software11
Prion
Prion
added 2022/05/05 5:15 p.m.19 views

Authentication flaw

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance...

6CVSS8.9AI score0.00691EPSS
Exploits0References1Affected Software11
CVE
CVE
added 2022/05/05 4:40 p.m.93 views

CVE-2022-28708

CVE-2022-28708 affects F5 BIG-IP in 16.1.x (before 16.1.2.2) and 15.1.x (before 15.1.5.1) when a DNS resolver-enabled, HTTP-Explicit or SOCKS profile is on a virtual server. An undisclosed DNS response can cause the Traffic Management Microkernel (TMM) process to terminate, resulting in functiona...

5.9CVSS6AI score0.00762EPSS
Exploits0References1Affected Software11
Cvelist
Cvelist
added 2022/05/05 4:31 p.m.41 views

CVE-2022-27878

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration GC all versions prior to 9.0, a stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute...

6.8CVSS6.3AI score0.00852EPSS
Exploits0References1
CVE
CVE
added 2022/05/05 4:28 p.m.82 views

CVE-2022-26517

CVE-2022-26517 affects F5 BIG-IP CGNAT Large Scale NAT (LSN) when the LSN pool is on a virtual server with packet filtering enabled. Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate, resulting in DoS. Affected branches and fixed versions per F5 advisory K540825...

7.5CVSS7.5AI score0.00764EPSS
Exploits0References1Affected Software11
CVE
CVE
added 2022/05/05 4:27 p.m.94 views

CVE-2022-26415

CVE-2022-26415 affects F5 BIG-IP in Appliance mode via an authenticated iControl REST endpoint, enabling bypass of appliance-mode restrictions. Affected versions include BIG-IP 16.1.x prior to 16.1.2.2, 15.1.x prior to 15.1.5.1, 14.1.x prior to 14.1.4.6, 13.1.x prior to 13.1.5, and all 12.1.x. Re...

9.1CVSS9AI score0.00691EPSS
Exploits0References1Affected Software11
CVE
CVE
added 2022/05/05 4:26 p.m.89 views

CVE-2022-26372

CVE-2022-26372 affects F5 BIG-IP DNS profile: when a DNS listener on a virtual server uses DNS queueing (default), undisclosed requests can cause memory resource utilization to spike, leading to degraded performance or DoS. Affected branches and fixes per VULNERABILITY docs: BIG-IP 15.1.x before ...

7.5CVSS7.5AI score0.00843EPSS
Exploits0References1Affected Software11
Cvelist
Cvelist
added 2022/05/05 4:19 p.m.29 views

CVE-2022-1389

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP fixed in 17.0.0, a cross-site request forgery CSRF vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping,...

3.1CVSS4.9AI score0.00332EPSS
Exploits0References1
CVE
CVE
added 2022/05/05 4:18 p.m.3896 views

CVE-2022-1388

CVE-2022-1388 affects F5 BIG-IP iControl REST authentication. Affected: BIG-IP 16.1.x before 16.1.2.2; 15.1.x before 15.1.5.1; 14.1.x before 14.1.4.6; 13.1.x before 13.1.5; and all 12.1.x and 11.6.x. Root cause per CNVD/CISA: authentication bypass via iControl REST, enabling unauthenticated acces...

9.8CVSS9.7AI score0.99956EPSS
In wildExploits63References6Affected Software11
CVE
CVE
added 2022/05/05 4:9 p.m.93 views

CVE-2022-27189

CVE-2022-27189 affects BIG-IP ICAP profile on any BIG-IP module where an ICAP profile is configured on a virtual server, with undisclosed traffic potentially causing increased TMM memory resource utilization and DoS. Root cause: CWE-681 (type conversion). Affected branches and known-vulnerable ve...

7.5CVSS7.5AI score0.00868EPSS
Exploits0References1Affected Software11
Tenable Nessus
Tenable Nessus
added 2022/05/05 12:0 a.m.31 views

F5 Networks BIG-IP : TMUI XSS vulnerability (K25451853)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K25451853 advisory. - On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x...

8.8CVSS7.9AI score0.00711EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/05/05 12:0 a.m.21 views

F5 Networks BIG-IP : BIG-IP TMUI vulnerability (K08510472)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K08510472 advisory. - On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to...

7.2CVSS7.3AI score0.00843EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/05/05 12:0 a.m.28 views

F5 Networks BIG-IP : BIG-IP RTSP profile vulnerability (K37155600)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K37155600 advisory. - On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1...

7.5CVSS7.5AI score0.00868EPSS
Exploits0References2
NVD
NVD
added 2022/01/25 8:15 p.m.16 views

CVE-2022-23031

On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4, an XML External Entity XXE vulnerability exists in an undisclosed page of the F5 Advanced Web Application Firewall Advanced WAF and BIG-IP ASM Traffic Management User Interface...

4.9CVSS0.00834EPSS
Exploits0References1
Prion
Prion
added 2022/01/25 8:15 p.m.19 views

Cross site scripting

On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute...

4.3CVSS7.7AI score0.00797EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2022/01/25 8:15 p.m.22 views

Design/Logic Flaw

On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP...

7.1CVSS7.4AI score0.0092EPSS
Exploits0References1Affected Software11
Prion
Prion
added 2022/01/25 8:15 p.m.27 views

Design/Logic Flaw

On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when the BIG-IP Virtual Edition VE uses the ixlv driver which is used in SR-IOV mode and requires Intel X710/XL710/XXV710 family of network adapters on the Hypervisor and TCP Segmentation...

4.3CVSS5.3AI score0.00889EPSS
Exploits0References1Affected Software14
Cvelist
Cvelist
added 2022/01/25 7:11 p.m.43 views

CVE-2022-23032

In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support EoTS are not...

5.5AI score0.00404EPSS
Exploits0References1
CVE
CVE
added 2022/01/25 7:11 p.m.97 views

CVE-2022-23016

CVE-2022-23016 affects BIG-IP: TLS 1.3 in SSL Forward Proxy on a virtual server can trigger TMM termination due to undisclosed requests. Affected: BIG-IP 16.0.0–16.1.1 and 15.1.0–15.1.4. Fixes: upgrade to 16.1.2 or 15.1.4.1 (per F5 advisory K91013510). In other lines of evidence, similar advisori...

7.5CVSS7.5AI score0.0092EPSS
Exploits0References1Affected Software11
Rows per page
Query Builder