Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
big-ip advanced web application firewall vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-23029
On version 16.0.x prior to 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Softwar...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
6.5
CVSSv2
CVE-2021-23031
On version 16.0.x prior to 16.0.1.2, 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.4.1, 13.1.x prior to 13.1.4, 12.1.x prior to 12.1.6, and 11.6.x prior to 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. ...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
4.3
CVSSv2
CVE-2021-23033
On BIG-IP Advanced WAF and BIG-IP ASM version 16.x prior to 16.1.0x, 15.1.x prior to 15.1.3.1, 14.1.x prior to 14.1.4.3, 13.1.x prior to 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminat...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
4.3
CVSSv2
CVE-2021-23053
On version 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.3.1, and 13.1.x prior to 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run ou...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
5
CVSSv2
CVE-2020-27718
When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
5.8
CVSSv2
CVE-2021-22984
On BIG-IP Advanced WAF and ASM version 15.1.x prior to 15.1.0.2, 15.0.x prior to 15.0.1.4, 14.1.x prior to 14.1.2.5, 13.1.x prior to 13.1.3.4, 12.1.x prior to 12.1.5.2, and 11.6.x prior to 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
6.8
CVSSv2
CVE-2021-22993
On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.2, 14.1.x prior to 14.1.3.1, 13.1.x prior to 13.1.3.6, and 12.1.x prior to 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Softw...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
NA
CVE-2022-41617
In versions 16.1.x prior to 16.1.3.1, 15.1.x prior to 15.1.6.1, 14.1.x prior to 14.1.5.1, and 13.1.x prior to 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.
F5 Big-ip Application Security Manager
F5 Big-ip Advanced Web Application Firewall
NA
CVE-2022-41691
When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
F5 Big-ip Application Security Manager
F5 Big-ip Advanced Web Application Firewall
4
CVSSv2
CVE-2022-23026
On BIG-IP ASM & Advanced WAF version 16.1.x prior to 16.1.2, 15.1.x prior to 15.1.4.1, 14.1.x prior to 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an in...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Acceleration Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »