Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
big-ip advanced firewall manager vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2020-27718
When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
383
VMScore
CVE-2020-27728
On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices.
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
357
VMScore
CVE-2022-23026
On BIG-IP ASM & Advanced WAF version 16.1.x prior to 16.1.2, 15.1.x prior to 15.1.4.1, 14.1.x prior to 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an in...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Acceleration Manager
578
VMScore
CVE-2021-23029
On version 16.0.x prior to 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Softwar...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
445
VMScore
CVE-2021-23030
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x prior to 16.0.1.2, 15.1.x prior to 15.1.3.1, 14.1.x prior to 14.1.4.3, 13.1.x prior to 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to termi...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
578
VMScore
CVE-2021-23031
On version 16.0.x prior to 16.0.1.2, 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.4.1, 13.1.x prior to 13.1.4, 12.1.x prior to 12.1.6, and 11.6.x prior to 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. ...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
NA
CVE-2023-23552
On versions 17.0.x prior to 17.0.0.2, 16.1.x prior to 16.1.3.3, 15.1.0 prior to 15.1.8, 14.1.x prior to 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in ...
F5 Big-ip Application Security Manager
F5 Big-ip Advanced Web Application Firewall
NA
CVE-2022-41691
When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
F5 Big-ip Application Security Manager
F5 Big-ip Advanced Web Application Firewall
578
VMScore
CVE-2021-23014
On versions 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.3, and 14.1.x prior to 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest privileges to uploa...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
605
VMScore
CVE-2021-22993
On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.2, 14.1.x prior to 14.1.3.1, 13.1.x prior to 13.1.3.6, and 12.1.x prior to 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Softw...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »