Lucene search

K
F5Big-ip Advanced Web Application Firewall*

11 matches found

CVE
CVE
added 2022/01/25 8:15 p.m.162 views

CVE-2022-23027

On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2, when a FastL4 profile and an HTTP, FIX, and/or hash persistence profile are configured on the same virtual server, undisclosed requests can cause the virtual server to stop ...

5.3CVSS5.5AI score0.00628EPSS
CVE
CVE
added 2022/01/25 8:15 p.m.113 views

CVE-2022-23030

On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when the BIG-IP Virtual Edition (VE) uses the ixlv driver (which is used in SR-IOV mode and requires Intel X710/XL710/XXV710 family of network adapters on the Hypervisor) and TCP Segmentatio...

5.3CVSS5.6AI score0.00591EPSS
CVE
CVE
added 2022/01/25 8:15 p.m.90 views

CVE-2022-23025

On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, when a SIP ALG profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reache...

7.5CVSS7.5AI score0.00753EPSS
CVE
CVE
added 2022/01/25 8:15 p.m.86 views

CVE-2022-23023

On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by an authenticated iControl REST user can cause an increase in memory resource utilization. Note: Software ver...

6.5CVSS6.6AI score0.00321EPSS
CVE
CVE
added 2022/01/25 8:15 p.m.84 views

CVE-2022-23026

On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utili...

4.3CVSS4.9AI score0.00296EPSS
CVE
CVE
added 2022/01/25 8:15 p.m.68 views

CVE-2022-23029

On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have...

5.3CVSS5.6AI score0.00513EPSS
CVE
CVE
added 2022/10/19 10:15 p.m.64 views

CVE-2022-41983

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even w...

3.7CVSS4.5AI score0.0015EPSS
CVE
CVE
added 2022/10/19 10:15 p.m.61 views

CVE-2022-41617

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.

7.2CVSS7.5AI score0.03412EPSS
CVE
CVE
added 2022/01/25 8:15 p.m.60 views

CVE-2022-23031

On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4, an XML External Entity (XXE) vulnerability exists in an undisclosed page of the F5 Advanced Web Application Firewall (Advanced WAF) and BIG-IP ASM Traffic Management User Interface ...

4.9CVSS5.1AI score0.00374EPSS
CVE
CVE
added 2022/10/19 10:15 p.m.60 views

CVE-2022-41691

When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.

7.5CVSS7.6AI score0.00344EPSS
CVE
CVE
added 2022/10/19 10:15 p.m.59 views

CVE-2022-41836

When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.

7.5CVSS7.6AI score0.0041EPSS