Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 big-ip access policy manager vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-5897
In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager Client
8.8
CVSSv3
CVE-2019-6646
On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges.
F5 Big-ip Application Acceleration Manager 12.0.0
F5 Big-ip Advanced Firewall Manager 12.0.0
F5 Big-ip Analytics 12.0.0
F5 Big-ip Domain Name System
F5 Big-ip Edge Gateway
F5 Big-ip Link Controller 12.0.0
F5 Big-ip Policy Enforcement Manager 12.0.0
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 12.0.0
F5 Big-ip Application Security Manager
F5 Big-ip Application Security Manager 12.0.0
F5 Big-ip Webaccelerator
F5 Big-ip Webaccelerator 12.0.0
F5 Enterprise Manager 3.1.1
F5 Big-ip Local Traffic Manager
F5 Big-ip Local Traffic Manager 12.0.0
F5 Big-ip Application Acceleration Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Fraud Protection Service 12.0.0
F5 Big-ip Global Traffic Manager
F5 Big-ip Global Traffic Manager 12.0.0
F5 Big-ip Advanced Firewall Manager
8.8
CVSSv3
CVE-2019-6642
In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to ...
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 15.0.0
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Advanced Firewall Manager 15.0.0
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Acceleration Manager 15.0.0
F5 Big-ip Link Controller
F5 Big-ip Link Controller 15.0.0
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Policy Enforcement Manager 15.0.0
F5 Big-ip Webaccelerator
F5 Big-ip Webaccelerator 15.0.0
F5 Big-ip Application Security Manager
F5 Big-ip Application Security Manager 15.0.0
F5 Big-ip Local Traffic Manager
F5 Big-ip Local Traffic Manager 15.0.0
F5 Big-ip Fraud Protection Service
F5 Big-ip Fraud Protection Service 15.0.0
F5 Big-ip Global Traffic Manager
F5 Big-ip Global Traffic Manager 15.0.0
F5 Big-ip Analytics
F5 Big-ip Analytics 15.0.0
8.8
CVSSv3
CVE-2016-9251
In F5 BIG-IP 12.0.0 up to and including 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.
F5 Big-ip Local Traffic Manager 12.0.0
F5 Big-ip Local Traffic Manager 12.1.1
F5 Big-ip Local Traffic Manager 12.1.2
F5 Big-ip Local Traffic Manager 12.1.0
F5 Big-ip Application Acceleration Manager 12.1.0
F5 Big-ip Application Acceleration Manager 12.0.0
F5 Big-ip Application Acceleration Manager 12.1.1
F5 Big-ip Application Acceleration Manager 12.1.2
F5 Big-ip Advanced Firewall Manager 12.1.2
F5 Big-ip Advanced Firewall Manager 12.0.0
F5 Big-ip Advanced Firewall Manager 12.1.1
F5 Big-ip Advanced Firewall Manager 12.1.0
F5 Big-ip Analytics 12.1.2
F5 Big-ip Analytics 12.1.1
F5 Big-ip Analytics 12.1.0
F5 Big-ip Analytics 12.0.0
F5 Big-ip Access Policy Manager 12.1.1
F5 Big-ip Access Policy Manager 12.1.0
F5 Big-ip Access Policy Manager 12.1.2
F5 Big-ip Access Policy Manager 12.0.0
F5 Big-ip Application Security Manager 12.1.0
F5 Big-ip Application Security Manager 12.1.1
8.8
CVSSv3
CVE-2016-5020
F5 BIG-IP prior to 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script.
F5 Big-ip Wan Optimization Manager 11.2.1
F5 Big-ip Wan Optimization Manager 10.2.4
F5 Big-ip Wan Optimization Manager 10.2.2
F5 Big-ip Wan Optimization Manager 10.2.3
F5 Big-ip Wan Optimization Manager 10.2.1
F5 Big-ip Protocol Security Module 11.4.1
F5 Big-ip Protocol Security Module 11.4.0
F5 Big-ip Protocol Security Module 10.2.4
F5 Big-ip Protocol Security Module 10.2.3
F5 Big-ip Protocol Security Module 10.2.2
F5 Big-ip Protocol Security Module 10.2.1
F5 Big-ip Application Acceleration Manager 11.4.1
F5 Big-ip Application Acceleration Manager 11.4.0
F5 Big-ip Application Acceleration Manager 12.1.0
F5 Big-ip Application Acceleration Manager 11.6.1
F5 Big-ip Application Acceleration Manager 11.6.0
F5 Big-ip Application Acceleration Manager 11.5.4
F5 Big-ip Application Acceleration Manager 11.5.2
F5 Big-ip Application Acceleration Manager 11.5.0
F5 Big-ip Application Acceleration Manager 12.0.0
F5 Big-ip Application Acceleration Manager 11.5.3
F5 Big-ip Application Acceleration Manager 11.5.1
8.7
CVSSv3
CVE-2023-43746
When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the malicious user to cross a security boundary. Note: So...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Local Traffic Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
8.7
CVSSv3
CVE-2022-41800
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the malicious user to cross a secur...
F5 Big-ip Access Policy Manager 17.0.0
F5 Big-ip Analytics 17.0.0
F5 Big-ip Application Security Manager 17.0.0
F5 Big-ip Application Acceleration Manager 17.0.0
F5 Big-ip Policy Enforcement Manager 17.0.0
F5 Big-ip Local Traffic Manager 17.0.0
F5 Big-ip Link Controller 17.0.0
F5 Big-ip Global Traffic Manager 17.0.0
F5 Big-ip Fraud Protection Service 17.0.0
F5 Big-ip Domain Name System 17.0.0
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
1 Metasploit module
8.6
CVSSv3
CVE-2019-6610
On BIG-IP versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11.6.3.4, and 11.5.1-11.5.8, the system is vulnerable to a denial of service attack when performing URL classification.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 14.0.0
8.5
CVSSv3
CVE-2023-22374
A format string vulnerability exists in iControl SOAP that allows an authenticated malicious user to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the malicious user to c...
F5 Big-ip Application Security Manager 13.1.0
F5 Big-ip Advanced Firewall Manager 17.0.0
F5 Big-ip Advanced Firewall Manager 13.1.5
F5 Big-ip Access Policy Manager 17.0.0
F5 Big-ip Access Policy Manager 13.1.5
F5 Big-ip Analytics 17.0.0
F5 Big-ip Analytics 13.1.5
F5 Big-ip Application Security Manager 17.0.0
F5 Big-ip Application Acceleration Manager 17.0.0
F5 Big-ip Application Acceleration Manager 13.1.5
F5 Big-ip Policy Enforcement Manager 17.0.0
F5 Big-ip Policy Enforcement Manager 13.1.5
F5 Big-ip Local Traffic Manager 17.0.0
F5 Big-ip Local Traffic Manager 13.1.5
F5 Big-ip Link Controller 17.0.0
F5 Big-ip Link Controller 13.1.5
F5 Big-ip Fraud Protection Service 17.0.0
F5 Big-ip Fraud Protection Service 13.1.5
F5 Big-ip Domain Name System 17.0.0
F5 Big-ip Ssl Orchestrator 13.1.5
F5 Big-ip Ddos Hybrid Defender 13.1.5
F5 Big-ip Application Security Manager
1 Github repository
8.4
CVSSv3
CVE-2020-5945
In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate to full admin.
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »