Lucene search

K
F5Big-ip Application Security Manager

492 matches found

CVE
CVE
added 2018/10/19 1:29 p.m.52 views

CVE-2018-15312

On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user.

6.1CVSS5.9AI score0.00259EPSS
CVE
CVE
added 2021/03/31 6:15 p.m.52 views

CVE-2021-22999

On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note: Sof...

7.5CVSS7.6AI score0.00647EPSS
CVE
CVE
added 2021/05/10 3:15 p.m.52 views

CVE-2021-23012

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash com...

8.2CVSS8.5AI score0.0019EPSS
CVE
CVE
added 2021/09/14 1:15 p.m.52 views

CVE-2021-23051

On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This is due to an incomplete fi...

7.5CVSS7.5AI score0.00891EPSS
CVE
CVE
added 2023/02/01 6:15 p.m.52 views

CVE-2023-23555

On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel...

7.5CVSS7.5AI score0.00363EPSS
CVE
CVE
added 2024/08/14 3:15 p.m.52 views

CVE-2024-41723

Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.3CVSS4.5AI score0.00183EPSS
CVE
CVE
added 2017/05/10 2:29 p.m.51 views

CVE-2016-9250

In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.

7.5CVSS7.5AI score0.00608EPSS
CVE
CVE
added 2017/03/27 6:59 p.m.51 views

CVE-2016-9252

The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors.

7.5CVSS7.4AI score0.01195EPSS
CVE
CVE
added 2017/05/09 3:29 p.m.51 views

CVE-2017-6137

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption...

5.9CVSS5.7AI score0.00702EPSS
CVE
CVE
added 2018/04/13 1:29 p.m.51 views

CVE-2017-6155

On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure.

7.5CVSS7.4AI score0.00647EPSS
CVE
CVE
added 2017/10/27 2:29 p.m.51 views

CVE-2017-6157

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticate...

8.1CVSS8.6AI score0.06882EPSS
CVE
CVE
added 2018/03/22 6:29 p.m.51 views

CVE-2018-5509

On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and i...

7.8CVSS7.3AI score0.01338EPSS
CVE
CVE
added 2019/02/26 3:29 p.m.51 views

CVE-2019-6594

On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and 14.0.0-14.0.0.2, Multi-Path TCP (MPTCP) does not protect against multiple zero length DATA_FINs in the reassembly queue, which can lead to an infinite loop in some circumstances.

5.9CVSS5.7AI score0.00647EPSS
CVE
CVE
added 2019/05/03 8:29 p.m.51 views

CVE-2019-6617

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to o...

6.5CVSS6.3AI score0.00801EPSS
CVE
CVE
added 2020/12/24 3:15 p.m.51 views

CVE-2020-27718

When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process.

7.5CVSS7.5AI score0.00647EPSS
CVE
CVE
added 2023/05/03 3:15 p.m.51 views

CVE-2023-27378

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not e...

7.5CVSS6.3AI score0.00354EPSS
CVE
CVE
added 2024/02/14 5:15 p.m.51 views

CVE-2024-23976

When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliancemode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

6CVSS6AI score0.00012EPSS
CVE
CVE
added 2017/12/21 5:29 p.m.50 views

CVE-2017-6136

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a...

5.9CVSS5.6AI score0.00566EPSS
CVE
CVE
added 2017/10/20 3:29 p.m.50 views

CVE-2017-6141

In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Sessio...

5.9CVSS5.6AI score0.00647EPSS
CVE
CVE
added 2017/12/21 5:29 p.m.50 views

CVE-2017-6151

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM.

7.8CVSS7.4AI score0.00492EPSS
CVE
CVE
added 2018/03/22 6:29 p.m.50 views

CVE-2018-5505

On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP.

5.9CVSS5.6AI score0.01522EPSS
CVE
CVE
added 2019/12/23 7:15 p.m.50 views

CVE-2019-19151

On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access object...

5.5CVSS5.3AI score0.00184EPSS
CVE
CVE
added 2019/02/26 3:29 p.m.50 views

CVE-2019-6592

On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL certificates in client SSL or server SSL profiles.

9.1CVSS9.2AI score0.00327EPSS
CVE
CVE
added 2019/03/13 10:29 p.m.50 views

CVE-2019-6598

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack ...

4.3CVSS4.5AI score0.00321EPSS
CVE
CVE
added 2019/12/23 6:15 p.m.50 views

CVE-2019-6679

On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with...

3.6CVSS4AI score0.00094EPSS
CVE
CVE
added 2019/12/23 6:15 p.m.50 views

CVE-2019-6688

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5 and BIG-IQ versions 6.0.0-6.1.0 and 5.2.0-5.4.0, a user is able to obtain the secret that was being used to encrypt a BIG-IP UCS backup file while sending SNMP query to the BIG-IP o...

4.3CVSS4.5AI score0.00185EPSS
CVE
CVE
added 2020/02/06 4:15 p.m.50 views

CVE-2020-5854

On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made.

5.9CVSS5.7AI score0.00891EPSS
CVE
CVE
added 2020/11/05 8:15 p.m.50 views

CVE-2020-5945

In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate to full admin.

8.5CVSS8.2AI score0.00454EPSS
CVE
CVE
added 2021/09/14 2:15 p.m.50 views

CVE-2021-23041

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaS...

6.1CVSS6AI score0.00683EPSS
CVE
CVE
added 2023/05/03 3:15 p.m.50 views

CVE-2023-24594

When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.3CVSS5.6AI score0.00136EPSS
CVE
CVE
added 2014/06/03 2:55 p.m.49 views

CVE-2014-3959

Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0,...

4.3CVSS5.8AI score0.00861EPSS
CVE
CVE
added 2016/01/12 8:59 p.m.49 views

CVE-2015-8611

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers to obtain login access to AOM via an (1) exp...

10CVSS9.3AI score0.03574EPSS
CVE
CVE
added 2017/12/21 5:29 p.m.49 views

CVE-2017-6132

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may c...

7.5CVSS7.6AI score0.02162EPSS
CVE
CVE
added 2018/04/13 1:29 p.m.49 views

CVE-2017-6148

Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane is ...

7.5CVSS7.5AI score0.00647EPSS
CVE
CVE
added 2018/05/02 1:29 p.m.49 views

CVE-2018-5516

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file syste...

4.7CVSS4.7AI score0.00115EPSS
CVE
CVE
added 2018/06/01 2:29 p.m.49 views

CVE-2018-5521

On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS.

6.1CVSS6.2AI score0.00259EPSS
CVE
CVE
added 2018/06/01 2:29 p.m.49 views

CVE-2018-5525

A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive custom...

4.3CVSS4.5AI score0.00162EPSS
CVE
CVE
added 2019/03/13 10:29 p.m.49 views

CVE-2019-6597

In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may...

7.2CVSS6.9AI score0.00466EPSS
CVE
CVE
added 2019/05/03 6:29 p.m.49 views

CVE-2019-6611

When BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 are processing certain rare data sequences occurring in PPTP VPN traffic, the BIG-IP system may execute incorrect logic. The TMM may restart and produce a core file as a result of this condition. The BIG...

7.5CVSS7.5AI score0.00749EPSS
CVE
CVE
added 2019/05/03 6:29 p.m.49 views

CVE-2019-6612

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, DNS query TCP connections that are aborted before receiving a response from a DNS cache may cause TMM to restart.

7.5CVSS7.4AI score0.00743EPSS
CVE
CVE
added 2019/05/03 8:29 p.m.49 views

CVE-2019-6615

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems.

4.9CVSS5.1AI score0.00273EPSS
CVE
CVE
added 2019/05/03 8:29 p.m.49 views

CVE-2019-6619

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero.

7.5CVSS7.5AI score0.00743EPSS
CVE
CVE
added 2019/09/25 6:15 p.m.49 views

CVE-2019-6651

In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request.

5.3CVSS5.3AI score0.00403EPSS
CVE
CVE
added 2019/12/23 5:15 p.m.49 views

CVE-2019-6682

On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP ASM system may consume excessive resources when processing certain types of HTTP responses from the origin web server. This vulnerability is only known to affect resource-constrained system...

7.5CVSS7.5AI score0.00891EPSS
CVE
CVE
added 2023/02/01 6:15 p.m.49 views

CVE-2023-22302

In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic M...

5.9CVSS6AI score0.00363EPSS
CVE
CVE
added 2023/02/01 6:15 p.m.49 views

CVE-2023-22422

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to te...

7.5CVSS7.6AI score0.00308EPSS
CVE
CVE
added 2025/05/07 10:15 p.m.49 views

CVE-2025-36557

When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.7CVSS7.6AI score0.00113EPSS
CVE
CVE
added 2016/01/12 8:59 p.m.48 views

CVE-2015-7393

dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Ga...

7.4CVSS7.4AI score0.00075EPSS
CVE
CVE
added 2016/04/12 2:59 p.m.48 views

CVE-2015-8021

Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 befor...

4.3CVSS4.4AI score0.00112EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.48 views

CVE-2016-2084

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 ...

7.4CVSS7.3AI score0.00483EPSS
Total number of security vulnerabilities492