Lucene search

K
F5Big-ip Ddos Hybrid Defender

86 matches found

CVE
CVE
added 2021/03/31 6:15 p.m.60 views

CVE-2021-23000

On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may cau...

7.5CVSS7.6AI score0.00647EPSS
CVE
CVE
added 2021/03/31 6:15 p.m.60 views

CVE-2021-23004

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, Multipath TCP (MPTCP) forwarding flows may be created on standard virtual servers without MPTCP enabled in the applied TCP profile. No...

7.5CVSS7.6AI score0.00647EPSS
CVE
CVE
added 2023/10/10 1:15 p.m.60 views

CVE-2023-43485

When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.5CVSS5.8AI score0.00226EPSS
CVE
CVE
added 2023/10/10 1:15 p.m.58 views

CVE-2023-42768

When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note: Sof...

7.2CVSS7AI score0.00428EPSS
CVE
CVE
added 2021/05/10 2:15 p.m.57 views

CVE-2021-23013

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic under certain conditions. This ...

7.5CVSS7.6AI score0.00798EPSS
CVE
CVE
added 2023/02/01 6:15 p.m.57 views

CVE-2023-22340

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical...

7.5CVSS7.6AI score0.00362EPSS
CVE
CVE
added 2021/09/14 5:15 p.m.56 views

CVE-2021-23045

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when an SCTP profile with multiple paths is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to termin...

7.5CVSS7.5AI score0.00647EPSS
CVE
CVE
added 2020/08/26 3:15 p.m.55 views

CVE-2020-5913

In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connectio...

7.4CVSS7.3AI score0.00193EPSS
CVE
CVE
added 2021/05/10 3:15 p.m.55 views

CVE-2021-23009

On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configured HA action when the TMM process is aborted. There is no control plane exposure, this is a data pla...

7.5CVSS7.6AI score0.00647EPSS
CVE
CVE
added 2021/05/10 2:15 p.m.55 views

CVE-2021-23011

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, when the BIG-IP system is buffering packet fragments for reassembly, the Traffic Management Microkernel (TMM) may consume an excessive amount of re...

7.5CVSS7.6AI score0.00647EPSS
CVE
CVE
added 2021/05/10 3:15 p.m.55 views

CVE-2021-23015

On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints. Not...

7.2CVSS7.4AI score0.00089EPSS
CVE
CVE
added 2021/03/31 6:15 p.m.54 views

CVE-2021-23003

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the Traffic Management Microkernel (TMM) process may produce a core file when undisclosed MPTCP traffic passes through a standard virt...

7.5CVSS7.6AI score0.00647EPSS
CVE
CVE
added 2023/08/02 4:15 p.m.54 views

CVE-2023-3470

Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information re...

6.1CVSS6.1AI score0.00071EPSS
CVE
CVE
added 2023/10/10 1:15 p.m.54 views

CVE-2023-45219

Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) ar...

4.4CVSS5AI score0.00104EPSS
CVE
CVE
added 2021/03/31 6:15 p.m.52 views

CVE-2021-22999

On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note: Sof...

7.5CVSS7.6AI score0.00647EPSS
CVE
CVE
added 2021/05/10 3:15 p.m.52 views

CVE-2021-23012

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash com...

8.2CVSS8.5AI score0.0019EPSS
CVE
CVE
added 2023/02/01 6:15 p.m.52 views

CVE-2023-23555

On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel...

7.5CVSS7.5AI score0.00363EPSS
CVE
CVE
added 2024/08/14 3:15 p.m.52 views

CVE-2024-41723

Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.3CVSS4.5AI score0.00183EPSS
CVE
CVE
added 2023/05/03 3:15 p.m.51 views

CVE-2023-27378

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not e...

7.5CVSS6.3AI score0.00354EPSS
CVE
CVE
added 2023/05/03 3:15 p.m.50 views

CVE-2023-24594

When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.3CVSS5.6AI score0.00136EPSS
CVE
CVE
added 2023/02/01 6:15 p.m.49 views

CVE-2023-22302

In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic M...

5.9CVSS6AI score0.00363EPSS
CVE
CVE
added 2023/02/01 6:15 p.m.49 views

CVE-2023-22422

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to te...

7.5CVSS7.6AI score0.00308EPSS
CVE
CVE
added 2020/08/26 3:15 p.m.48 views

CVE-2020-5922

In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser.

9.3CVSS8.7AI score0.00156EPSS
CVE
CVE
added 2021/03/31 6:15 p.m.48 views

CVE-2021-23001

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call...

4.3CVSS5AI score0.00246EPSS
CVE
CVE
added 2023/02/01 6:15 p.m.48 views

CVE-2023-22326

In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which...

4.9CVSS5.7AI score0.00179EPSS
CVE
CVE
added 2023/02/01 6:15 p.m.47 views

CVE-2023-22323

In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software v...

7.5CVSS7.7AI score0.00321EPSS
CVE
CVE
added 2023/02/01 6:15 p.m.47 views

CVE-2023-22842

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versi...

7.5CVSS7.6AI score0.00308EPSS
CVE
CVE
added 2023/02/01 6:15 p.m.46 views

CVE-2023-22664

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Softwar...

7.5CVSS7.7AI score0.00363EPSS
CVE
CVE
added 2023/08/02 4:15 p.m.46 views

CVE-2023-38423

A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.4CVSS5.3AI score0.00342EPSS
CVE
CVE
added 2020/08/26 3:15 p.m.44 views

CVE-2020-5912

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files.

7.1CVSS7AI score0.00084EPSS
CVE
CVE
added 2020/11/05 8:15 p.m.44 views

CVE-2020-5939

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface Controller (NIC) card and Single Root I/O Virtualization (SR-IOV) enabled on vSphere, may fail and leave th...

7.5CVSS7.4AI score0.00647EPSS
CVE
CVE
added 2023/05/03 3:15 p.m.44 views

CVE-2023-29163

When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.5CVSS7.6AI score0.00402EPSS
CVE
CVE
added 2020/08/26 3:15 p.m.43 views

CVE-2020-5916

In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory.

6.8CVSS6.6AI score0.001EPSS
CVE
CVE
added 2020/10/29 2:15 p.m.42 views

CVE-2020-5938

On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow.

6.5CVSS6.4AI score0.00125EPSS
CVE
CVE
added 2020/11/05 8:15 p.m.41 views

CVE-2020-5943

In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password.

6.5CVSS6.4AI score0.00154EPSS
CVE
CVE
added 2023/05/03 3:15 p.m.41 views

CVE-2023-28406

A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. Note: Softwa...

4.3CVSS4.7AI score0.00604EPSS
Total number of security vulnerabilities86