Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
F5Big-ip Application Security Manager17.1.0

15 matches found

CVE
CVEadded 2023/10/10 2:15 p.m.4408 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5CVSS8AI score0.94434EPSS
CVE
CVEadded 2024/08/14 3:15 p.m.79 views

CVE-2024-41727

In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.7CVSS7.6AI score0.00341EPSS
CVE
CVEadded 2023/10/10 1:15 p.m.74 views

CVE-2023-40534

When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached En...

7.5CVSS7.6AI score0.00571EPSS
CVE
CVEadded 2024/08/14 3:15 p.m.74 views

CVE-2024-39778

When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.7CVSS7.5AI score0.0037EPSS
CVE
CVEadded 2024/02/14 5:15 p.m.73 views

CVE-2024-22389

When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

7.2CVSS7.1AI score0.00127EPSS
CVE
CVEadded 2024/08/14 3:15 p.m.62 views

CVE-2024-41164

When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.2CVSS5.7AI score0.00299EPSS
CVE
CVEadded 2024/02/14 5:15 p.m.60 views

CVE-2024-23805

Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServ...

7.5CVSS7.5AI score0.00308EPSS
CVE
CVEadded 2024/02/14 5:15 p.m.56 views

CVE-2024-22093

When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Supp...

9.6CVSS8.6AI score0.00379EPSS
CVE
CVEadded 2024/08/14 3:15 p.m.52 views

CVE-2024-41723

Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.3CVSS4.5AI score0.00183EPSS
CVE
CVEadded 2024/02/14 5:15 p.m.51 views

CVE-2024-23976

When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliancemode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

6CVSS6AI score0.00012EPSS
CVE
CVEadded 2024/02/14 5:15 p.m.43 views

CVE-2024-24775

When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

7.5CVSS7.6AI score0.00362EPSS
CVE
CVEadded 2024/02/14 5:15 p.m.41 views

CVE-2024-21782

BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873...

6.7CVSS7.4AI score0.00286EPSS
CVE
CVEadded 2024/02/14 5:15 p.m.40 views

CVE-2024-23603

An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

8.8CVSS5.3AI score0.00274EPSS
CVE
CVEadded 2024/02/14 5:15 p.m.40 views

CVE-2024-23979

When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are...

7.5CVSS7.8AI score0.00203EPSS
CVE
CVEadded 2024/02/14 5:15 p.m.34 views

CVE-2024-23314

When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

7.5CVSS7.6AI score0.00267EPSS