Big-ip Fraud Protection Service Security Vulnerabilities and Issues — Big-ip Fraud Protection Service CVE List

Lucene search

F5Big-ip Fraud Protection Service

22 matches found

CVE•added 2019/02/15 3:29 p.m.•498 views

CVE-2019-6974

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

8.1CVSS7.7AI score0.08376EPSS

CVE•added 2022/12/07 4:15 a.m.•277 views

CVE-2022-41622

In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.8CVSS8.7AI score0.81263EPSS

CVE•added 2022/12/07 4:15 a.m.•256 views

CVE-2022-41800

In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Softwa...

8.7CVSS8.4AI score0.92837EPSS

CVE•added 2020/03/27 3:15 p.m.•137 views

CVE-2020-5860

On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and H...

8.1CVSS8.2AI score0.00259EPSS

CVE•added 2019/09/04 6:15 p.m.•116 views

CVE-2019-6646

On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges.

8.8CVSS8.8AI score0.00417EPSS

CVE•added 2023/02/01 6:15 p.m.•111 views

CVE-2023-22374

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: ...

8.5CVSS8.5AI score0.0501EPSS

CVE•added 2021/02/12 8:15 p.m.•93 views

CVE-2021-22978

On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is grante...

8.3CVSS7.9AI score0.00822EPSS

CVE•added 2024/08/14 3:15 p.m.•79 views

CVE-2024-41727

In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.7CVSS7.6AI score0.00341EPSS

CVE•added 2020/04/30 10:15 p.m.•74 views

CVE-2020-5888

On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for adjacent network (layer 2) attackers to access local daemons and bypass port lockdown settings.

8.1CVSS7.9AI score0.00158EPSS

CVE•added 2024/08/14 3:15 p.m.•74 views

CVE-2024-39778

When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.7CVSS7.5AI score0.0037EPSS

CVE•added 2021/09/14 10:15 p.m.•73 views

CVE-2021-23026

BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions ...

8.8CVSS8.7AI score0.00302EPSS

CVE•added 2021/09/14 9:15 p.m.•72 views

CVE-2021-23025

On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) ar...

8.8CVSS8.7AI score0.01119EPSS

CVE•added 2023/10/10 1:15 p.m.•71 views

CVE-2023-43746

When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have...

8.7CVSS8.4AI score0.00056EPSS

CVE•added 2020/04/30 9:15 p.m.•66 views

CVE-2020-5876

On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address o...

8.1CVSS7.9AI score0.00304EPSS

CVE•added 2022/05/05 5:15 p.m.•66 views

CVE-2022-28707

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (also referred to as the BIG-IP TMUI) that allows an attacker...

8CVSS5.4AI score0.00712EPSS

CVE•added 2023/10/10 1:15 p.m.•65 views

CVE-2023-40537

An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.1CVSS8AI score0.00361EPSS

CVE•added 2024/08/14 3:15 p.m.•62 views

CVE-2024-41164

When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.2CVSS5.7AI score0.00299EPSS

CVE•added 2020/07/01 3:15 p.m.•61 views

CVE-2020-5904

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page.

8.8CVSS8.6AI score0.00279EPSS

CVE•added 2021/05/10 3:15 p.m.•52 views

CVE-2021-23012

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash com...

8.2CVSS8.5AI score0.0019EPSS

CVE•added 2020/11/05 8:15 p.m.•50 views

CVE-2020-5945

In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate to full admin.

8.5CVSS8.2AI score0.00454EPSS

CVE•added 2020/07/01 3:15 p.m.•42 views

CVE-2020-5906

In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.

8.1CVSS7.8AI score0.00131EPSS

CVE•added 2018/07/25 2:29 p.m.•38 views

CVE-2018-5542

F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server.

8.1CVSS8.1AI score0.00837EPSS