Vulmon
big-ip advanced firewall manager vulnerabilities and exploits
5.8
CVSSv2
CVE-2021-22984
On BIG-IP Advanced WAF and ASM version 15.1.x prior to 15.1.0.2, 15.0.x prior to 15.0.1.4, 14.1.x prior to 14.1.2.5, 13.1.x prior to 13.1.3.4, 12.1.x prior to 12.1.5.2, and 11.6.x prior to 11.6.5.2, when receiving an unauthenticated client request with a maliciously crafted URI, a...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
6.8
CVSSv2
CVE-2021-22993
On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.2, 14.1.x prior to 14.1.3.1, 13.1.x prior to 13.1.3.6, and 12.1.x prior to 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Softw...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
6.5
CVSSv2
CVE-2021-23014
On versions 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.3, and 14.1.x prior to 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest privileges to uploa...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
6.5
CVSSv2
CVE-2021-23029
On version 16.0.x prior to 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Softwar...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
5
CVSSv2
CVE-2021-23030
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x prior to 16.0.1.2, 15.1.x prior to 15.1.3.1, 14.1.x prior to 14.1.4.3, 13.1.x prior to 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to termi...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
4.3
CVSSv2
CVE-2021-23053
On version 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.3.1, and 13.1.x prior to 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run ou...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
NA
CVE-2023-23552
On versions 17.0.x prior to 17.0.0.2, 16.1.x prior to 16.1.3.3, 15.1.0 prior to 15.1.8, 14.1.x prior to 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in ...
F5 Big-ip Application Security Manager
F5 Big-ip Advanced Web Application Firewall
5
CVSSv2
CVE-2021-22976
On BIG-IP Advanced WAF and ASM version 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.2, 14.1.x prior to 14.1.3.1, 13.1.x prior to 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameter...
F5 Big-ip Application Security Manager
F5 Big-ip Advanced Web Application Firewall
NA
CVE-2022-41691
When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
F5 Big-ip Application Security Manager
F5 Big-ip Advanced Web Application Firewall
5
CVSSv2
CVE-2020-27718
When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager