Lucene search

K
F5Big-ip Ssl Orchestrator

64 matches found

CVE
CVE
added 2024/08/14 3:15 p.m.52 views

CVE-2024-41723

Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.3CVSS4.5AI score0.00183EPSS
CVE
CVE
added 2023/05/03 3:15 p.m.51 views

CVE-2023-27378

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not e...

7.5CVSS6.3AI score0.00354EPSS
CVE
CVE
added 2023/05/03 3:15 p.m.50 views

CVE-2023-24594

When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.3CVSS5.6AI score0.00136EPSS
CVE
CVE
added 2023/02/01 6:15 p.m.49 views

CVE-2023-22302

In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic M...

5.9CVSS6AI score0.00363EPSS
CVE
CVE
added 2023/02/01 6:15 p.m.49 views

CVE-2023-22422

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to te...

7.5CVSS7.6AI score0.00308EPSS
CVE
CVE
added 2023/02/01 6:15 p.m.48 views

CVE-2023-22326

In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which...

4.9CVSS5.7AI score0.00179EPSS
CVE
CVE
added 2023/02/01 6:15 p.m.47 views

CVE-2023-22323

In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software v...

7.5CVSS7.7AI score0.00321EPSS
CVE
CVE
added 2023/02/01 6:15 p.m.47 views

CVE-2023-22842

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versi...

7.5CVSS7.6AI score0.00308EPSS
CVE
CVE
added 2023/02/01 6:15 p.m.46 views

CVE-2023-22664

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Softwar...

7.5CVSS7.7AI score0.00363EPSS
CVE
CVE
added 2023/08/02 4:15 p.m.46 views

CVE-2023-38423

A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

5.4CVSS5.3AI score0.00342EPSS
CVE
CVE
added 2020/11/05 8:15 p.m.44 views

CVE-2020-5939

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface Controller (NIC) card and Single Root I/O Virtualization (SR-IOV) enabled on vSphere, may fail and leave th...

7.5CVSS7.4AI score0.00647EPSS
CVE
CVE
added 2023/05/03 3:15 p.m.44 views

CVE-2023-29163

When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.5CVSS7.6AI score0.00402EPSS
CVE
CVE
added 2020/11/05 8:15 p.m.41 views

CVE-2020-5943

In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password.

6.5CVSS6.4AI score0.00154EPSS
CVE
CVE
added 2023/05/03 3:15 p.m.41 views

CVE-2023-28406

A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. Note: Softwa...

4.3CVSS4.7AI score0.00604EPSS
Total number of security vulnerabilities64