Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
big-ip afm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-21763
When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. NOTE: Software versions which have reached End of Technical Support (EoTS) are not ev...
NA
CVE-2024-21771
For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption. Note: Software versions which have reached End of Technical...
NA
CVE-2023-22281
On versions 17.0.x prior to 17.0.0.2, 16.1.x prior to 16.1.3.3, 15.1.x prior to 15.1.8, 14.1.x prior to 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traff...
F5 Big-ip Advanced Firewall Manager
NA
CVE-2022-41806
In versions 16.1.x prior to 16.1.3.2 and 15.1.x prior to 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.
F5 Big-ip Advanced Firewall Manager
NA
CVE-2022-41813
In versions 16.1.x prior to 16.1.3.1, 15.1.x prior to 15.1.6.1, 14.1.x prior to 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate.
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Advanced Firewall Manager
6.5
CVSSv2
CVE-2022-28695
On F5 BIG-IP AFM 16.1.x versions before 16.1.2.2, 15.1.x versions before 15.1.5.1, 14.1.x versions before 14.1.4.6, and 13.1.x versions before 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, whi...
F5 Big-ip Advanced Firewall Manager 13.1.0
F5 Big-ip Advanced Firewall Manager 14.1.0
F5 Big-ip Advanced Firewall Manager 15.1.0
F5 Big-ip Advanced Firewall Manager 14.1.4
F5 Big-ip Advanced Firewall Manager 16.1.0
F5 Big-ip Advanced Firewall Manager 17.0.0
F5 Big-ip Advanced Firewall Manager 16.1.2
F5 Big-ip Advanced Firewall Manager 16.1.1
F5 Big-ip Advanced Firewall Manager 15.1.5
F5 Big-ip Advanced Firewall Manager 15.1.4
F5 Big-ip Advanced Firewall Manager 15.1.3
F5 Big-ip Advanced Firewall Manager 15.1.2
F5 Big-ip Advanced Firewall Manager 15.1.1
F5 Big-ip Advanced Firewall Manager 14.1.3
F5 Big-ip Advanced Firewall Manager 14.1.2
F5 Big-ip Advanced Firewall Manager 13.1.5
F5 Big-ip Advanced Firewall Manager 13.1.4
F5 Big-ip Advanced Firewall Manager 13.1.3
F5 Big-ip Advanced Firewall Manager 13.1.1
6.8
CVSSv2
CVE-2022-28716
On 16.1.x versions before 16.1.2.2, 15.1.x versions before 15.1.5.1, 14.1.x versions before 14.1.4.6, 13.1.x versions before 13.1.5, and all versions of 12.1.x 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and...
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Carrier-grade Nat
7.1
CVSSv2
CVE-2022-23018
On BIG-IP AFM version 16.1.x prior to 16.1.2, 15.1.x prior to 15.1.4.1, 14.1.x prior to 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Man...
F5 Big-ip Advanced Firewall Manager
4.3
CVSSv2
CVE-2022-23024
On BIG-IP AFM version 16.x prior to 16.1.0, 15.1.x prior to 15.1.4.1, 14.1.x prior to 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic...
F5 Big-ip Advanced Firewall Manager
4.3
CVSSv2
CVE-2022-23028
On BIG-IP AFM version 16.x prior to 16.1.0, 15.1.x prior to 15.1.5, 14.1.x prior to 14.1.4.5, and all versions of 13.1.x, when global AFM SYN cookie protection (TCP Half Open flood vector) is activated in the AFM Device Dos or DOS profile, certain types of TCP connections will fa...
F5 Big-ip Advanced Firewall Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »