Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

f5 big-ip edge vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2013-6024
The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow malicious users to obtain sensitive information from process memory via unspecified vectors.
F5 Big-ip Edge Gateway 10.1.0F5 Big-ip Edge Gateway 10.2.4F5 Big-ip Access Policy Manager 11.0.0F5 Firepass 6.0.0F5 Firepass 6.1.0F5 Big-ip Access Policy Manager 11.2.0F5 Big-ip Access Policy Manager 11.2.1F5 Big-ip Access Policy Manager 10.2.4F5 Big-ip Access Policy Manager 11.1.0F5 Big-ip Access Policy Manager 11.3.0F5 Big-ip Access Policy Manager 10.1.0F5 Big-ip Edge Gateway 11.0.0F5 Big-ip Edge Gateway 11.5.0F5 Firepass 7.0.0
5.9
CVSSv3
CVE-2016-3686
The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x prior to 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 up to and including 11.3.0 might allow remote malicious users to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect.
F5 Big-ip Edge Gateway 11.3.0F5 Big-ip Edge Gateway 11.2.1F5 Big-ip Edge Gateway 11.2.0F5 Big-ip Edge Gateway 11.1.0F5 Big-ip Edge Gateway 11.0.0F5 Big-ip Access Policy Manager 11.5.4F5 Big-ip Access Policy Manager 11.5.3F5 Big-ip Access Policy Manager 11.4.0F5 Big-ip Access Policy Manager 11.2.1F5 Big-ip Access Policy Manager 11.6.0F5 Big-ip Access Policy Manager 11.3.0F5 Big-ip Access Policy Manager 11.2.0F5 Big-ip Access Policy Manager 11.1.0F5 Big-ip Access Policy Manager 11.0.0F5 Big-ip Access Policy Manager 11.5.2F5 Big-ip Access Policy Manager 11.5.1F5 Big-ip Access Policy Manager 11.5.0F5 Big-ip Access Policy Manager 11.4.1
5.3
CVSSv3
CVE-2017-6161
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS pr...
F5 Big-ip Local Traffic Manager 11.2.1F5 Big-ip Local Traffic ManagerF5 Big-ip Local Traffic Manager 11.6.0F5 Big-ip Local Traffic Manager 11.6.1F5 Big-ip Local Traffic Manager 12.1.0F5 Big-ip Local Traffic Manager 12.1.2F5 Big-ip Local Traffic Manager 12.0.0F5 Big-ip Local Traffic Manager 12.1.1F5 Big-ip Application Acceleration Manager 11.2.1F5 Big-ip Application Acceleration ManagerF5 Big-ip Application Acceleration Manager 11.6.0F5 Big-ip Application Acceleration Manager 11.6.1F5 Big-ip Application Acceleration Manager 12.1.0F5 Big-ip Application Acceleration Manager 12.1.2F5 Big-ip Application Acceleration Manager 12.0.0F5 Big-ip Application Acceleration Manager 12.1.1F5 Big-ip Advanced Firewall Manager 12.1.2F5 Big-ip Advanced Firewall Manager 11.2.1F5 Big-ip Advanced Firewall ManagerF5 Big-ip Advanced Firewall Manager 11.6.0F5 Big-ip Advanced Firewall Manager 11.6.1F5 Big-ip Advanced Firewall Manager 12.1.0
6.5
CVSSv3
CVE-2023-22283
On versions beginning in 7.1.5 to prior to 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the sys...
F5 Big-ip Access Policy ManagerF5 Big-ip Edge -
7.8
CVSSv3
CVE-2023-22358
In versions beginning with 7.2.2 to prior to 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Access Policy ManagerF5 Big-ip Edge -
7.5
CVSSv3
CVE-2018-5530
F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb".
F5 Big-ip Local Traffic ManagerF5 Big-ip Application Acceleration ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip AnalyticsF5 Big-ip Access Policy ManagerF5 Big-ip Application Security ManagerF5 Big-ip Edge GatewayF5 Big-ip Policy Enforcement ManagerF5 Big-ip Websafe
6.7
CVSSv3
CVE-2020-5892
In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow malicious users to obtain the full session ID from process memory.
F5 Big-ip Access Policy ManagerF5 Big-ip Access Policy Manager ClientF5 Big-ip Edge Gateway
5.5
CVSSv3
CVE-2018-15316
In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks.
F5 Big-ip Access Policy ManagerF5 Big-ip Access Policy Manager ClientF5 Big-ip Edge Client
5.9
CVSSv3
CVE-2018-5501
In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control.
F5 Big-ip Local Traffic ManagerF5 Big-ip Local Traffic Manager 11.2.1F5 Big-ip Local Traffic Manager 13.0.0F5 Big-ip Application Acceleration Manager 11.2.1F5 Big-ip Application Acceleration ManagerF5 Big-ip Application Acceleration Manager 13.0.0F5 Big-ip Advanced Firewall Manager 11.2.1F5 Big-ip Advanced Firewall ManagerF5 Big-ip Advanced Firewall Manager 13.0.0F5 Big-ip Analytics 13.0.0F5 Big-ip AnalyticsF5 Big-ip Analytics 11.2.1F5 Big-ip Access Policy ManagerF5 Big-ip Access Policy Manager 11.2.1F5 Big-ip Access Policy Manager 13.0.0F5 Big-ip Application Security Manager 11.2.1F5 Big-ip Application Security ManagerF5 Big-ip Application Security Manager 13.0.0F5 Big-ip DnsF5 Big-ip Dns 13.0.0F5 Big-ip Dns 11.2.1F5 Big-ip Link Controller 11.2.1
5.3
CVSSv3
CVE-2018-5537
A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from ...
F5 Big-ip Local Traffic ManagerF5 Big-ip Application Acceleration ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Access Policy ManagerF5 Big-ip Application Security ManagerF5 Big-ip Edge GatewayF5 Big-ip Global Traffic ManagerF5 Big-ip Policy Enforcement ManagerF5 Big-ip WebacceleratorF5 Big-ip Websafe
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook