Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 big-ip access policy manager vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-22341
On version 14.1.x prior to 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * A...
F5 Big-ip Access Policy Manager
NA
CVE-2023-22358
In versions beginning with 7.2.2 to prior to 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Access Policy Manager
F5 Big-ip Edge -
NA
CVE-2023-23555
On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to prior to 15.1.8 and 14.1.x beginning in 14.1.5 to prior to 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to prior to 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traff...
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Access Policy Manager
F5 Big-ip Analytics
F5 Big-ip Application Security Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Domain Name System
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
F5 Big-ip Application Acceleration Manager
F5 Big-ip Service Proxy
NA
CVE-2023-22374
A format string vulnerability exists in iControl SOAP that allows an authenticated malicious user to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the malicious user to c...
F5 Big-ip Application Security Manager 13.1.0
F5 Big-ip Advanced Firewall Manager 17.0.0
F5 Big-ip Advanced Firewall Manager 13.1.5
F5 Big-ip Access Policy Manager 17.0.0
F5 Big-ip Access Policy Manager 13.1.5
F5 Big-ip Analytics 17.0.0
F5 Big-ip Analytics 13.1.5
F5 Big-ip Application Security Manager 17.0.0
F5 Big-ip Application Acceleration Manager 17.0.0
F5 Big-ip Application Acceleration Manager 13.1.5
F5 Big-ip Policy Enforcement Manager 17.0.0
F5 Big-ip Policy Enforcement Manager 13.1.5
F5 Big-ip Local Traffic Manager 17.0.0
F5 Big-ip Local Traffic Manager 13.1.5
F5 Big-ip Link Controller 17.0.0
F5 Big-ip Link Controller 13.1.5
F5 Big-ip Fraud Protection Service 17.0.0
F5 Big-ip Fraud Protection Service 13.1.5
F5 Big-ip Domain Name System 17.0.0
F5 Big-ip Ssl Orchestrator 13.1.5
F5 Big-ip Ddos Hybrid Defender 13.1.5
F5 Big-ip Application Security Manager
1 Github repository
NA
CVE-2023-22418
On versions 17.0.x prior to 17.0.0.2, 16.1.x prior to 16.1.3.3, 15.1.x prior to 15.1.7, 14.1.x prior to 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthentic...
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Fraud Protection Service
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Domain Name System
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Ssl Orchestrator
NA
CVE-2023-22422
On BIG-IP versions 17.0.x prior to 17.0.0.2 and 16.1.x prior to 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management ...
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
NA
CVE-2023-22664
On BIG-IP versions 17.0.x prior to 17.0.0.2 and 16.1.x prior to 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource uti...
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
F5 Big-ip Service Proxy 1.6.0
NA
CVE-2023-22842
On BIG-IP versions 16.1.x prior to 16.1.3.3, 15.1.x prior to 15.1.8.1, 14.1.x prior to 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to termin...
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Ssl Orchestrator
NA
CVE-2022-41622
In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-iq Centralized Management 7.1.0
F5 Big-iq Centralized Management
F5 Big-ip Advanced Firewall Manager 17.0.0
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics 17.0.0
F5 Big-ip Analytics
F5 Big-ip Access Policy Manager 17.0.0
F5 Big-ip Access Policy Manager
F5 Big-ip Application Security Manager 17.0.0
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System 17.0.0
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service 17.0.0
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager 17.0.0
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller 17.0.0
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager 17.0.0
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager 17.0.0
F5 Big-ip Policy Enforcement Manager
NA
CVE-2022-41800
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the malicious user to cross a secur...
F5 Big-ip Access Policy Manager 17.0.0
F5 Big-ip Analytics 17.0.0
F5 Big-ip Application Security Manager 17.0.0
F5 Big-ip Application Acceleration Manager 17.0.0
F5 Big-ip Policy Enforcement Manager 17.0.0
F5 Big-ip Local Traffic Manager 17.0.0
F5 Big-ip Link Controller 17.0.0
F5 Big-ip Global Traffic Manager 17.0.0
F5 Big-ip Fraud Protection Service 17.0.0
F5 Big-ip Domain Name System 17.0.0
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »