Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 big-ip access policy manager client vulnerabilities and exploits
(subscribe to this query)
6.9
CVSSv2
CVE-2021-23023
On version 7.2.1.x prior to 7.2.1.3 and 7.1.x prior to 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Access Policy Manager
4.3
CVSSv2
CVE-2018-15335
When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended mess...
F5 Big-ip Access Policy Manager
5
CVSSv2
CVE-2019-6605
On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service.
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Edge Gateway
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Protocol Security Manager
F5 Big-ip Webaccelerator
F5 Big-ip Analytics
F5 Big-ip Application Security Manager
4.3
CVSSv2
CVE-2019-6593
On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) a...
F5 Big-ip Access Policy Manager 12.1.0
F5 Big-ip Access Policy Manager 11.6.1
F5 Big-ip Access Policy Manager
F5 Big-ip Local Traffic Manager 11.6.1
F5 Big-ip Local Traffic Manager 12.1.0
F5 Big-ip Local Traffic Manager
F5 Big-ip Advanced Firewall Manager 11.6.1
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Advanced Firewall Manager 12.1.0
F5 Big-ip Analytics 11.6.1
F5 Big-ip Analytics 12.1.0
F5 Big-ip Analytics
F5 Big-ip Application Security Manager 11.6.1
F5 Big-ip Application Security Manager 12.1.0
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System 11.6.1
F5 Big-ip Domain Name System
F5 Big-ip Domain Name System 12.1.0
F5 Big-ip Edge Gateway 12.1.0
F5 Big-ip Edge Gateway 11.6.1
F5 Big-ip Edge Gateway
F5 Big-ip Fraud Protection Service 12.1.0
2 Github repositories
5
CVSSv2
CVE-2018-5506
In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutu...
F5 Big-ip Local Traffic Manager 11.2.1
F5 Big-ip Local Traffic Manager 13.0.0
F5 Big-ip Local Traffic Manager 11.6.1
F5 Big-ip Local Traffic Manager
F5 Big-ip Application Acceleration Manager 11.6.1
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Acceleration Manager 11.2.1
F5 Big-ip Application Acceleration Manager 13.0.0
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Advanced Firewall Manager 11.2.1
F5 Big-ip Advanced Firewall Manager 13.0.0
F5 Big-ip Advanced Firewall Manager 11.6.1
F5 Big-ip Analytics 11.6.1
F5 Big-ip Analytics 11.2.1
F5 Big-ip Analytics 13.0.0
F5 Big-ip Analytics
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 11.6.1
F5 Big-ip Access Policy Manager 11.2.1
F5 Big-ip Access Policy Manager 13.0.0
F5 Big-ip Application Security Manager
F5 Big-ip Application Security Manager 11.2.1
3.5
CVSSv2
CVE-2020-5889
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client.
F5 Big-ip Access Policy Manager
4.3
CVSSv2
CVE-2019-6600
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the ...
F5 Big-ip Local Traffic Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Access Policy Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Edge Gateway
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Webaccelerator
9.3
CVSSv2
CVE-2013-0150
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 up to and including 10.2.4 and 11.0.0 up to and including 11.3.0, FirePass 6.0.0 up to and including 6.1.0 and 7.0.0, and other products "when APM is ...
F5 Big-ip Advanced Firewall Manager 11.3.0
F5 Big-ip Policy Enforcement Manager 11.3.0
F5 Firepass 7.0.0
F5 Big-ip Access Policy Manager
F5 Big-ip Edge Gateway
F5 Big-ip Webaccelerator
F5 Big-ip Wan Optimization Manager
F5 Firepass
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Protocol Security Module
F5 Big-ip Local Traffic Manager
F5 Big-ip Application Security Manager
F5 Big-ip Analytics
NA
CVE-2023-22664
On BIG-IP versions 17.0.x prior to 17.0.0.2 and 16.1.x prior to 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource uti...
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
F5 Big-ip Service Proxy 1.6.0
5.8
CVSSv2
CVE-2020-5913
In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle atta...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Ddos Hybrid Defender
F5 Ssl Orchestrator
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »