Vulmon
f5 big-ip advanced web application firewall vulnerabilities and exploits
8.8
CVSSv3
CVE-2021-23014
On versions 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.3, and 14.1.x prior to 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API, which might allow authenticated users with guest privileges to uploa...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
9.9
CVSSv3
CVE-2021-23031
On version 16.0.x prior to 16.0.1.2, 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.4.1, 13.1.x prior to 13.1.4, 12.1.x prior to 12.1.6, and 11.6.x prior to 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. ...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
6.1
CVSSv3
CVE-2021-22984
On BIG-IP Advanced WAF and ASM version 15.1.x prior to 15.1.0.2, 15.0.x prior to 15.0.1.4, 14.1.x prior to 14.1.2.5, 13.1.x prior to 13.1.3.4, 12.1.x prior to 12.1.5.2, and 11.6.x prior to 11.6.5.2, when receiving an unauthenticated client request with a maliciously crafted URI, a...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
5.3
CVSSv3
CVE-2021-23053
On version 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.3.1, and 13.1.x prior to 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run ou...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
7.5
CVSSv3
CVE-2020-27728
On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices.
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
7.5
CVSSv3
CVE-2021-23033
On BIG-IP Advanced WAF and BIG-IP ASM version 16.x prior to 16.1.0x, 15.1.x prior to 15.1.3.1, 14.1.x prior to 14.1.4.3, 13.1.x prior to 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminat...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
8.8
CVSSv3
CVE-2021-23029
On version 16.0.x prior to 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Softwar...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
7.5
CVSSv3
CVE-2021-23030
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x prior to 16.0.1.2, 15.1.x prior to 15.1.3.1, 14.1.x prior to 14.1.4.3, 13.1.x prior to 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to termi...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
7.5
CVSSv3
CVE-2022-41691
When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
F5 Big-ip Application Security Manager
F5 Big-ip Advanced Web Application Firewall
7.5
CVSSv3
CVE-2020-27718
When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager