Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
big-ip advanced firewall manager vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2021-23053
On version 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.3.1, and 13.1.x prior to 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run ou...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
7.5
CVSSv3
CVE-2020-27728
On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices.
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
7.5
CVSSv3
CVE-2022-41691
When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
F5 Big-ip Application Security Manager
F5 Big-ip Advanced Web Application Firewall
7.5
CVSSv3
CVE-2023-23552
On versions 17.0.x prior to 17.0.0.2, 16.1.x prior to 16.1.3.3, 15.1.0 prior to 15.1.8, 14.1.x prior to 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in ...
F5 Big-ip Application Security Manager
F5 Big-ip Advanced Web Application Firewall
7.5
CVSSv3
CVE-2020-27718
When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
7.5
CVSSv3
CVE-2021-22976
On BIG-IP Advanced WAF and ASM version 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.2, 14.1.x prior to 14.1.3.1, 13.1.x prior to 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameter...
F5 Big-ip Application Security Manager
F5 Big-ip Advanced Web Application Firewall
8.8
CVSSv3
CVE-2021-23014
On versions 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.3, and 14.1.x prior to 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest privileges to uploa...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
9.9
CVSSv3
CVE-2021-23031
On version 16.0.x prior to 16.0.1.2, 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.4.1, 13.1.x prior to 13.1.4, 12.1.x prior to 12.1.6, and 11.6.x prior to 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. ...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
7.5
CVSSv3
CVE-2021-23033
On BIG-IP Advanced WAF and BIG-IP ASM version 16.x prior to 16.1.0x, 15.1.x prior to 15.1.3.1, 14.1.x prior to 14.1.4.3, 13.1.x prior to 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminat...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
4.3
CVSSv3
CVE-2022-23026
On BIG-IP ASM & Advanced WAF version 16.1.x prior to 16.1.2, 15.1.x prior to 15.1.4.1, 14.1.x prior to 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an in...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Acceleration Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »