Latest f5 big-ip advanced web application firewall Vulnerabilities

CVE-2023-46748
BIG-IP Configuration utility authenticated SQL injection vulnerability
F5 BIG-IP Configuration Utility
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.5
F5 BIG-IP Access Policy Manager>=15.1.0<=15.1.10
F5 BIG-IP Access Policy Manager>=16.1.0<=16.1.4
F5 BIG-IP Access Policy Manager>=17.1.0<=17.1.1
and 95 more
CVE-2023-46747
BIG-IP Configuration utility unauthenticated remote code execution vulnerability
F5 BIG-IP Configuration Utility
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.5
F5 BIG-IP Access Policy Manager>=15.1.0<=15.1.10
F5 BIG-IP Access Policy Manager>=16.1.0<=16.1.4
F5 BIG-IP Access Policy Manager>=17.1.0<=17.1.1
and 95 more
CVE-2023-45219
Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view ...
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.5
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.9
F5 BIG-IP Access Policy Manager>=16.1.0<16.1.4
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.5
F5 BIG-IP Advanced Firewall Manager>=14.1.0<=14.1.5
and 70 more
CVE-2023-43611
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.  This vulnerability is due to an incomplete fix for CVE-2023-38418. ...
F5 BIG-IP Access Policy Manager>=7.2.3<7.2.4.4
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.5
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.9
F5 BIG-IP Access Policy Manager>=16.1.0<16.1.4
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.5
and 72 more
CVE-2023-41373
A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Applianc...
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP Access Policy Manager>=14.1.0<14.1.5.6
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.10.2
F5 BIG-IP Access Policy Manager>=16.1.0<16.1.4.1
F5 BIG-IP Access Policy Manager>=17.1.0<17.1.0.3
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.5
and 84 more
CVE-2023-42768
When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or i...
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.5
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.9
F5 BIG-IP Access Policy Manager>=16.1.0<16.1.4
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.5
F5 BIG-IP Advanced Firewall Manager>=14.1.0<=14.1.5
and 70 more
CVE-2023-41085
When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.5
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.9
F5 BIG-IP Access Policy Manager>=16.1.0<16.1.4
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.5
F5 BIG-IP Advanced Firewall Manager>=14.1.0<=14.1.5
and 70 more
CVE-2023-43485
When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log.  Note: Software versions which have reached End of Technical Support (EoT...
F5 BIG-IQ Centralized Management>=8.0.0<8.2.0.1.0.13.97-eng
F5 BIG-IQ Centralized Management>=8.3.0<8.3.0.0.12.118-eng
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.5
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.9
F5 BIG-IP Access Policy Manager>=16.1.0<16.1.4
and 68 more
CVE-2023-41964
The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables.  Note: Software versions which have reached End of Technical Support (EoTS) are not evalua...
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.5
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.9
F5 BIG-IP Access Policy Manager>=16.1.0<16.1.4
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.5
F5 BIG-IP Advanced Firewall Manager>=14.1.0<=14.1.5
and 71 more
CVE-2023-40542
When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which ...
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.5
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.9
F5 BIG-IP Access Policy Manager>=16.1.0<16.1.4
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.5
F5 BIG-IP Advanced Firewall Manager>=14.1.0<=14.1.5
and 70 more
CVE-2023-40537
An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.  Note: Software versions which h...
F5 BIG-IP Access Policy Manager>=13.1.0<=14.1.5
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.9
F5 BIG-IP Access Policy Manager>=16.1.0<16.1.4
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=14.1.5
F5 BIG-IP Advanced Firewall Manager>=15.1.0<15.1.9
F5 BIG-IP Advanced Firewall Manager>=16.1.0<16.1.4
and 48 more
CVE-2023-40534
When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual ser...
F5 BIG-IP Access Policy Manager>=16.1.0<16.1.4.1
F5 BIG-IP Access Policy Manager=17.1.0
F5 BIG-IP Advanced Firewall Manager>=16.1.0<16.1.4.1
F5 BIG-IP Advanced Firewall Manager=17.1.0
F5 Big-ip Advanced Web Application Firewall>=16.1.0<16.1.4.1
F5 Big-ip Advanced Web Application Firewall=17.1.0
and 33 more
CVE-2023-44487
- Rapid Reset HTTP/2 vulnerability
Microsoft Windows 11=21H2
Microsoft Windows 11=21H2
Microsoft Windows Server 2022
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
Microsoft Windows 11=22H2
and 553 more
CVE-2023-38423
A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. ...
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP Access Policy Manager>=14.1.0<14.1.5.5
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.9.1
F5 BIG-IP Access Policy Manager>=16.1.0<16.1.3.5
F5 BIG-IP Access Policy Manager>=17.0.0<17.1.0.2
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.5
and 89 more
CVE-2023-3470
Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account.  The predictable nature of the password allows an authenticated user with...
F5 BIG-IP Access Policy Manager>=13.1.0<13.1.4
F5 BIG-IP Access Policy Manager>=14.1.0<14.1.4
F5 BIG-IP Access Policy Manager=15.1.0
F5 BIG-IP Advanced Firewall Manager>=13.1.0<13.1.4
F5 BIG-IP Advanced Firewall Manager>=14.1.0<14.1.4
F5 BIG-IP Advanced Firewall Manager=15.1.0
and 73 more
CVE-2023-38138
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logge...
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP Access Policy Manager>=14.1.0<14.1.5.5
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.9.1
F5 BIG-IP Access Policy Manager>=16.1.0<16.1.3.5
F5 BIG-IP Access Policy Manager>=17.0.0<17.1.0.2
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.5
and 89 more
CVE-2023-38419
An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests.  Note: Software versions which have reached End of Technical...
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP Access Policy Manager>=14.1.0<14.1.5.5
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.9.1
F5 BIG-IP Access Policy Manager>=16.1.0<16.1.3.5
F5 BIG-IP Access Policy Manager>=17.0.0<17.1.0.2
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.5
and 90 more
CVE-2023-27378
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently ...
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP Access Policy Manager>=14.1.0<14.1.5.4
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.8.2
F5 BIG-IP Access Policy Manager>=16.1.0<16.1.3.4
F5 BIG-IP Access Policy Manager>=17.0.0<17.1.0.1
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.5
and 89 more
CVE-2023-29163
When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End o...
F5 BIG-IP Access Policy Manager>=14.1.0<14.1.5.4
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.8.2
F5 BIG-IP Access Policy Manager>=16.1.0<16.1.3.4
F5 BIG-IP Access Policy Manager=17.0.0
F5 BIG-IP Advanced Firewall Manager>=14.1.0<14.1.5.4
F5 BIG-IP Advanced Firewall Manager>=15.1.0<15.1.8.2
and 70 more
CVE-2023-28406
A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted ...
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP Access Policy Manager>=14.1.0<14.1.5.4
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.8.2
F5 BIG-IP Access Policy Manager>=16.1.0<16.1.3.4
F5 BIG-IP Access Policy Manager>=17.0.0<17.1.0.1
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.5
and 89 more
CVE-2023-24594
When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization.   Note: Software versions which have reached End of T...
F5 BIG-IP Access Policy Manager=14.1.5
F5 BIG-IP Access Policy Manager=15.1.4.1
F5 BIG-IP Access Policy Manager=16.1.2
F5 BIG-IP Advanced Firewall Manager=14.1.5
F5 BIG-IP Advanced Firewall Manager=15.1.4.1
F5 BIG-IP Advanced Firewall Manager=16.1.2
and 52 more
CVE-2023-23552
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is config...
F5 Big-ip Advanced Web Application Firewall>=13.1.0<=13.1.5
F5 Big-ip Advanced Web Application Firewall>=14.1.0<14.1.5.3
F5 Big-ip Advanced Web Application Firewall>=15.1.0<15.1.8
F5 Big-ip Advanced Web Application Firewall>=16.1.0<16.1.3.3
F5 Big-ip Advanced Web Application Firewall>=17.0.0<17.0.0.2
F5 BIG-IP Application Security Manager>=13.1.0<=13.1.5
and 4 more
CVE-2022-41983
On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AE...
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP Access Policy Manager>=14.1.0<14.1.5.1
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.7
F5 BIG-IP Access Policy Manager>=16.1.0<16.1.3.1
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.5
F5 BIG-IP Advanced Firewall Manager>=14.1.0<14.1.5.1
and 70 more
CVE-2022-41836
When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
F5 Big-ip Advanced Web Application Firewall>=15.1.0<15.1.7
F5 Big-ip Advanced Web Application Firewall>=16.1.0<16.1.3.1
F5 Big-ip Advanced Web Application Firewall=17.0.0
F5 BIG-IP Application Security Manager>=15.1.0<15.1.7
F5 BIG-IP Application Security Manager>=16.1.0<16.1.3.1
F5 BIG-IP Application Security Manager=17.0.0
CVE-2022-41617
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code executio...
F5 Big-ip Advanced Web Application Firewall>=13.1.0<13.1.5.1
F5 Big-ip Advanced Web Application Firewall>=14.1.0<14.1.5.1
F5 Big-ip Advanced Web Application Firewall>=15.1.0<15.1.6.1
F5 Big-ip Advanced Web Application Firewall>=16.1.0<16.1.3.1
F5 BIG-IP Application Security Manager>=13.1.0<13.1.5.1
F5 BIG-IP Application Security Manager>=14.1.0<14.1.5.1
and 2 more
CVE-2022-41691
When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
F5 Big-ip Advanced Web Application Firewall>=14.1.0<14.1.5.2
F5 BIG-IP Application Security Manager>=14.1.0<14.1.5.2
CVE-2022-29491
On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when ...
F5 Big-ip Access Policy Manager=11.6.1
F5 Big-ip Access Policy Manager=11.6.2
F5 Big-ip Access Policy Manager=11.6.3
F5 Big-ip Access Policy Manager=11.6.4
F5 Big-ip Access Policy Manager=11.6.5
F5 Big-ip Access Policy Manager=12.1.0
and 118 more
CVE-2022-25946
F5 BIG-IP Access Policy Manager=13.1.0
F5 BIG-IP Access Policy Manager=13.1.1
F5 BIG-IP Access Policy Manager=13.1.3
F5 BIG-IP Access Policy Manager=13.1.4
F5 BIG-IP Access Policy Manager=13.1.5
F5 BIG-IP Access Policy Manager=14.1.0
and 49 more
CVE-2022-23031
On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4, an XML External Entity (XXE) vulnerability exists in an undisclosed page of the F5...
F5 Big-ip Advanced Web Application Firewall>=14.1.0<=14.1.4
F5 Big-ip Advanced Web Application Firewall>=15.1.0<=15.1.3
F5 Big-ip Advanced Web Application Firewall>=16.0.0<=16.1.0
F5 BIG-IP Application Security Manager>=14.1.0<=14.1.4
F5 BIG-IP Application Security Manager>=15.1.0<=15.1.3
F5 BIG-IP Application Security Manager>=16.0.0<=16.1.0
and 3 more
CVE-2022-23023
On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by an authen...
F5 BIG-IP Access Policy Manager>=12.1.0<=12.1.5
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.4
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.4
F5 BIG-IP Access Policy Manager>=15.1.0<=15.1.4
F5 BIG-IP Access Policy Manager>=16.1.0<=16.1.2
F5 BIG-IP Advanced Firewall Manager>=12.1.0<=12.1.5
and 66 more
CVE-2022-23029
On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile is configured on a virtual server, undisclos...
F5 BIG-IP Access Policy Manager>=11.6.1<=11.6.5
F5 BIG-IP Access Policy Manager>=12.1.0<=12.1.6
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.4
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.4
F5 BIG-IP Access Policy Manager>=15.1.0<=15.1.4
F5 BIG-IP Advanced Firewall Manager>=11.6.1<=11.6.5
and 64 more
CVE-2022-23026
On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a g...
F5 Big-ip Advanced Web Application Firewall>=12.1.0<=12.1.6
F5 Big-ip Advanced Web Application Firewall>=13.1.0<=13.1.4
F5 Big-ip Advanced Web Application Firewall>=14.1.0<=14.1.4
F5 Big-ip Advanced Web Application Firewall>=15.1.0<=15.1.4
F5 Big-ip Advanced Web Application Firewall>=16.0.0<=16.1.1
F5 Big-ip Application Acceleration Manager>=12.1.0<=12.1.6
and 4 more
CVE-2022-23027
On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2, when a FastL4 profile and an HTTP, FIX, and/or hash persistence profile ar...
F5 BIG-IP Access Policy Manager>=12.1.5.3<=12.1.6
F5 BIG-IP Access Policy Manager>=13.1.3.6<=13.1.4
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.4
F5 BIG-IP Access Policy Manager>=15.1.0<=15.1.3
F5 BIG-IP Advanced Firewall Manager>=12.1.5.3<=12.1.6
F5 BIG-IP Advanced Firewall Manager>=13.1.3.6<=13.1.4
and 50 more
CVE-2022-23025
On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, when a SIP ALG profile is configured on a virtual server, undisclosed requests can cau...
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.4
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.4
F5 BIG-IP Access Policy Manager>=15.1.0<=15.1.3
F5 BIG-IP Access Policy Manager>=16.1.0<=16.1.1
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.4
F5 BIG-IP Advanced Firewall Manager>=14.1.0<=14.1.4
and 50 more
CVE-2022-23030
On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when the BIG-IP Virtual Edition (VE) uses the ixlv driver (which is used in SR-IOV mode and...
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.4
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.4
F5 BIG-IP Access Policy Manager>=15.1.0<=15.1.4
F5 BIG-IP Access Policy Manager>=16.1.0<=16.1.1
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.4
F5 BIG-IP Advanced Firewall Manager>=14.1.0<=14.1.4
and 50 more
CVE-2002-20001
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-expo...
Balasys Dheater
Siemens Scalance W1750d Firmware
Siemens Scalance W1750d
SUSE Linux Enterprise Server=11
SUSE Linux Enterprise Server=12
SUSE Linux Enterprise Server=15
and 80 more
CVE-2021-23029
On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Appl...
F5 Big-ip Advanced Web Application Firewall>=16.0.0<16.0.1.2
F5 BIG-IP Application Security Manager>=16.0.0<16.0.1.2
CVE-2021-23027
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.4
F5 BIG-IP Access Policy Manager>=15.1.0<=15.1.3
F5 BIG-IP Access Policy Manager>=16.0.0<=16.0.1.1
F5 BIG-IP Advanced Firewall Manager>=14.1.0<=14.1.4
F5 BIG-IP Advanced Firewall Manager>=15.1.0<=15.1.3
F5 BIG-IP Advanced Firewall Manager>=16.0.0<=16.0.1.1
and 36 more
CVE-2021-23026
BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vuln...
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.4
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.4
F5 BIG-IP Access Policy Manager>=15.1.0<=15.1.2
F5 BIG-IP Access Policy Manager>=16.0.0<=16.0.1.1
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.4
F5 BIG-IP Advanced Firewall Manager>=14.1.0<=14.1.4
and 53 more
CVE-2021-23028
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Applicatio...
F5 Big-ip Advanced Web Application Firewall>=13.1.3.5<=13.1.3.6
F5 Big-ip Advanced Web Application Firewall>=14.1.3.1<=14.1.4.1
F5 Big-ip Advanced Web Application Firewall>=15.1.1<15.1.3.1
F5 Big-ip Advanced Web Application Firewall=16.0.1
F5 BIG-IP Application Security Manager>=13.1..3.5<=13.1.3.6
F5 BIG-IP Application Security Manager>=14.1.3.1<=14.1.4.1
and 2 more
CVE-2021-23025
On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP C...
F5 BIG-IP Access Policy Manager>=11.6.1<=11.6.5
F5 BIG-IP Access Policy Manager>=12.1.0<=12.1.6
F5 BIG-IP Access Policy Manager>=13.1.0<13.1.3.5
F5 BIG-IP Access Policy Manager>=14.1.0<14.1.3.1
F5 BIG-IP Access Policy Manager>=15.0.0<15.1.0.5
F5 BIG-IP Advanced Firewall Manager>=11.6.1<=11.6.5
and 64 more
CVE-2021-23036
On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note...
F5 Big-ip Advanced Web Application Firewall>=16.0.0<=16.0.1
F5 BIG-IP Application Security Manager>=16.0.0<=16.0.1
F5 Big-ip Datasafe>=16.0.0<=16.0.1
CVE-2021-23031
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege e...
F5 Big-ip Advanced Web Application Firewall>=11.6.1<=11.6.5.2
F5 Big-ip Advanced Web Application Firewall>=12.1.0<=12.1.5
F5 Big-ip Advanced Web Application Firewall>=13.1.0<=13.1.3
F5 Big-ip Advanced Web Application Firewall>=14.1.0<=14.1.4
F5 Big-ip Advanced Web Application Firewall>=15.1.0<=15.1.2
F5 Big-ip Advanced Web Application Firewall>=16.0.0<=16.0.1.1
and 6 more
CVE-2021-23033
On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is confi...
F5 Big-ip Advanced Web Application Firewall>=12.1.0<=12.1.6
F5 Big-ip Advanced Web Application Firewall>=13.1.0<13.1.4.1
F5 Big-ip Advanced Web Application Firewall>=14.1.0<14.1.4.3
F5 Big-ip Advanced Web Application Firewall>=15.1.0<15.1.3.1
F5 Big-ip Advanced Web Application Firewall>=16.0.0<16.1.0
F5 BIG-IP Application Security Manager>=12.1.0<=12.1.6
and 4 more
CVE-2021-23042
On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6, when an HTTP profile is configured on a virtual server, undisclose...
F5 BIG-IP Access Policy Manager>=12.1.0<12.1.6
F5 BIG-IP Access Policy Manager>=13.1.0<13.1.4
F5 BIG-IP Access Policy Manager>=14.1.0<14.1.4
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.3
F5 BIG-IP Access Policy Manager>=16.0.0<16.0.1.2
F5 BIG-IP Advanced Firewall Manager>=12.1.0<12.1.6
and 64 more
CVE-2021-23041
On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting (XSS) vulnerability exists ...
F5 BIG-IP Access Policy Manager>=12.1.0<=12.1.6
F5 BIG-IP Access Policy Manager>=13.1.0<13.1.4.1
F5 BIG-IP Access Policy Manager>=14.1.0<14.1.4.2
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.3
F5 BIG-IP Access Policy Manager>=16.0.0<16.0.1.2
F5 BIG-IP Advanced Firewall Manager>=12.1.0<=12.1.6
and 49 more
CVE-2021-23053
On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the...
F5 Big-ip Advanced Web Application Firewall>=13.1.0<13.1.3.6
F5 Big-ip Advanced Web Application Firewall>=14.1.0<14.1.3.1
F5 Big-ip Advanced Web Application Firewall>=15.1.0<15.1.3
F5 BIG-IP Application Security Manager>=13.1.0<13.1.3.6
F5 BIG-IP Application Security Manager>=14.1.0<14.1.3.1
F5 BIG-IP Application Security Manager>=15.1.0<15.1.3
CVE-2021-23050
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled polic...
F5 Big-ip Advanced Web Application Firewall>=15.1.0<15.1.3.1
F5 Big-ip Advanced Web Application Firewall>=16.0.0<16.0.1.2
F5 BIG-IP Application Security Manager>=15.1.0<15.1.3.1
F5 BIG-IP Application Security Manager>=16.0.0<16.0.1.2
F5 Nginx App Protect>=1.0.0<=1.3.0
F5 Nginx App Protect>=2.0.0<=2.3.0
and 1 more
CVE-2021-23051
On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed reques...
F5 BIG-IP Access Policy Manager>=15.1.0.4<15.1.3.1
F5 BIG-IP Advanced Firewall Manager>=15.1.0.4<15.1.3.1
F5 Big-ip Advanced Web Application Firewall>=15.1.0.4<15.1.3.1
F5 BIG-IP Analytics>=15.1.0.4<15.1.3.1
F5 Big-ip Application Acceleration Manager>=15.1.0.4<15.1.3.1
F5 BIG-IP Application Security Manager>=15.1.0.4<15.1.3.1
and 5 more
CVE-2021-23049
F5 BIG-IP Access Policy Manager>=15.1.0<15.1.3
F5 BIG-IP Access Policy Manager>=16.0.0<16.0.1.2
F5 BIG-IP Advanced Firewall Manager>=15.1.0<15.1.3
F5 BIG-IP Advanced Firewall Manager>=16.0.0<16.0.1.2
F5 Big-ip Advanced Web Application Firewall>=15.1.0<15.1.3
F5 Big-ip Advanced Web Application Firewall>=16.0.0<16.0.1.2
and 16 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203