Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-38418
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Access Policy Manager
F5 Access Policy Manager Clients
NA
CVE-2023-38423
A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an malicious user to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS)...
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Edge Gateway
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
NA
CVE-2023-27378
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an malicious user to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technica...
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Edge Gateway
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
NA
CVE-2023-24461
An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an malicious user to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Access Policy Manager
NA
CVE-2023-28406
A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated malicious user to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information ...
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Edge Gateway
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
NA
CVE-2023-29163
When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Advanced Firewall Manager 17.0.0
F5 Big-ip Access Policy Manager 17.0.0
F5 Big-ip Analytics 17.0.0
F5 Big-ip Application Security Manager 17.0.0
F5 Big-ip Application Acceleration Manager 17.0.0
F5 Big-ip Policy Enforcement Manager 17.0.0
F5 Big-ip Local Traffic Manager 17.0.0
F5 Big-ip Link Controller 17.0.0
F5 Big-ip Global Traffic Manager 17.0.0
F5 Big-ip Fraud Protection Service 17.0.0
F5 Big-ip Domain Name System 17.0.0
F5 Big-ip Advanced Web Application Firewall 17.0.0
F5 Big-ip Ssl Orchestrator 17.0.0
F5 Big-ip Domain Name System
F5 Big-ip Edge Gateway
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
NA
CVE-2023-29240
An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-iq Centralized Management
NA
CVE-2023-28656
NGINX Management Suite may allow an authenticated malicious user to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Nginx Instance Manager
F5 Nginx Security Monitoring
F5 Nginx Api Connectivity Manager
NA
CVE-2023-28724
NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not eval...
F5 Nginx Instance Manager
F5 Nginx Security Monitoring
F5 Nginx Api Connectivity Manager
NA
CVE-2023-24594
When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Advanced Firewall Manager 16.1.2
F5 Big-ip Access Policy Manager 16.1.2
F5 Big-ip Analytics 16.1.2
F5 Big-ip Application Security Manager 16.1.2
F5 Big-ip Application Acceleration Manager 16.1.2
F5 Big-ip Policy Enforcement Manager 16.1.2
F5 Big-ip Local Traffic Manager 16.1.2
F5 Big-ip Link Controller 16.1.2
F5 Big-ip Global Traffic Manager 16.1.2
F5 Big-ip Fraud Protection Service 16.1.2
F5 Big-ip Domain Name System 16.1.2
F5 Big-ip Advanced Web Application Firewall 16.1.2
F5 Big-ip Application Visibility And Reporting 16.1.2
F5 Big-ip Carrier-grade Nat 16.1.2
F5 Big-ip Ddos Hybrid Defender 16.1.2
F5 Big-ip Edge Gateway 16.1.2
F5 Big-ip Ssl Orchestrator 16.1.2
F5 Big-ip Webaccelerator 16.1.2
F5 Big-ip Websafe 16.1.2
F5 Big-ip Access Policy Manager 15.1.4.1
F5 Big-ip Advanced Firewall Manager 15.1.4.1
F5 Big-ip Advanced Web Application Firewall 15.1.4.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »