Big-ip Advanced Web Application Firewall Security Vulnerabilities and Issues — Page 3 of Big-ip Advanced Web Application Firewall CVE List

Lucene search

F5Big-ip Advanced Web Application Firewall

109 matches found

CVE•added 2023/05/03 3:15 p.m.•44 views

CVE-2023-29163

When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.5CVSS7.6AI score0.00402EPSS

CVE•added 2020/10/29 2:15 p.m.•42 views

CVE-2020-5938

On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow.

6.5CVSS6.4AI score0.00125EPSS

CVE•added 2020/11/05 8:15 p.m.•41 views

CVE-2020-5943

In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password.

6.5CVSS6.4AI score0.00154EPSS

CVE•added 2023/05/03 3:15 p.m.•41 views

CVE-2023-28406

A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. Note: Softwa...

4.3CVSS4.7AI score0.00604EPSS

CVE•added 2021/09/14 1:15 p.m.•40 views

CVE-2021-23048

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when GPRS Tunneling Protocol (GTP) iRules commands or a GTP profile is configured on a virtual server, undisclosed GTP messages can cause the Traf...

7.5CVSS7.7AI score0.00891EPSS

CVE•added 2024/02/14 5:15 p.m.•40 views

CVE-2024-21789

When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

7.5CVSS7.6AI score0.00267EPSS

CVE•added 2024/02/14 5:15 p.m.•40 views

CVE-2024-23603

An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

8.8CVSS5.3AI score0.00274EPSS

CVE•added 2024/02/14 5:15 p.m.•37 views

CVE-2024-21849

When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.5CVSS7.6AI score0.00308EPSS

CVE•added 2024/02/14 5:15 p.m.•30 views

CVE-2024-23308

When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL...

7.5CVSS7.6AI score0.00362EPSS

Total number of security vulnerabilities109