Big-ip Advanced Web Application Firewall Security Vulnerabilities and Issues — Big-ip Advanced Web Application Firewall CVE List

Lucene search

F5Big-ip Advanced Web Application Firewall

4 matches found

CVE•added 2023/08/02 4:15 p.m.•2516 views

CVE-2023-38419

An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

4.3CVSS4.8AI score0.00164EPSS

CVE•added 2023/08/02 4:15 p.m.•70 views

CVE-2023-38138

A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evalua...

7.5CVSS6.2AI score0.00519EPSS

CVE•added 2023/08/02 4:15 p.m.•54 views

CVE-2023-3470

Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information re...

6.1CVSS6.1AI score0.00071EPSS

CVE•added 2023/08/02 4:15 p.m.•46 views

CVE-2023-38423

A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.4CVSS5.3AI score0.00342EPSS