Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 vulnerabilities and exploits
(subscribe to this query)
4.4
CVSSv3
CVE-2023-39447
When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Access Policy Manager 17.0.0
F5 Big-ip Guided Configuration 8.0
F5 Big-ip Guided Configuration 6.0
F5 Big-ip Access Policy Manager
F5 Big-ip Guided Configuration
7.4
CVSSv3
CVE-2023-45226
The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed...
F5 Big-ip Next Service Proxy For Kubernetes 1.5.0
7.8
CVSSv3
CVE-2023-5450
An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 17.1.0
7.1
CVSSv3
CVE-2023-43124
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 17.1.0
F5 Big-ip Access Policy Manager 13.1.5.1
F5 Big-ip Access Policy Manager Client
8.2
CVSSv3
CVE-2023-43125
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 17.1.0
F5 Big-ip Access Policy Manager 13.1.5.1
F5 Big-ip Access Policy Manager Client
5.5
CVSSv3
CVE-2023-36858
An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an malicious user to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Access Policy Manager Clients
F5 Big-ip Access Policy Manager
6.1
CVSSv3
CVE-2023-3470
Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM...
F5 Big-ip Application Acceleration Manager 15.1.0
F5 Big-ip Local Traffic Manager 15.1.0
F5 Big-ip Advanced Firewall Manager 15.1.0
F5 Big-ip Policy Enforcement Manager 15.1.0
F5 Big-ip Link Controller 15.1.0
F5 Big-ip Global Traffic Manager 15.1.0
F5 Big-ip Fraud Protection Service 15.1.0
F5 Big-ip Domain Name System 15.1.0
F5 Big-ip Application Security Manager 15.1.0
F5 Big-ip Access Policy Manager 15.1.0
F5 Big-ip Analytics 15.1.0
F5 Big-ip Ddos Hybrid Defender 15.1.0
F5 Big-ip Advanced Web Application Firewall 15.1.0
F5 Big-ip Application Acceleration Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Security Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Domain Name System
4.4
CVSSv3
CVE-2023-36494
Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 F5os-a 1.4.0
6.1
CVSSv3
CVE-2023-38138
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an malicious user to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Sup...
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Edge Gateway
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
7.8
CVSSv3
CVE-2023-38418
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Access Policy Manager
F5 Access Policy Manager Clients
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »