Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 big-ip application acceleration manager vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-13135
ImageMagick prior to 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
Imagemagick Imagemagick
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
F5 Big-ip Application Acceleration Manager
F5 Big-ip Webaccelerator
8.8
CVSSv3
CVE-2016-9251
In F5 BIG-IP 12.0.0 up to and including 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.
F5 Big-ip Local Traffic Manager 12.1.2
F5 Big-ip Local Traffic Manager 12.0.0
F5 Big-ip Local Traffic Manager 12.1.0
F5 Big-ip Local Traffic Manager 12.1.1
F5 Big-ip Application Acceleration Manager 12.0.0
F5 Big-ip Application Acceleration Manager 12.1.0
F5 Big-ip Application Acceleration Manager 12.1.1
F5 Big-ip Application Acceleration Manager 12.1.2
F5 Big-ip Advanced Firewall Manager 12.1.0
F5 Big-ip Advanced Firewall Manager 12.1.2
F5 Big-ip Advanced Firewall Manager 12.1.1
F5 Big-ip Advanced Firewall Manager 12.0.0
F5 Big-ip Analytics 12.1.0
F5 Big-ip Analytics 12.0.0
F5 Big-ip Analytics 12.1.2
F5 Big-ip Analytics 12.1.1
F5 Big-ip Access Policy Manager 12.1.2
F5 Big-ip Access Policy Manager 12.0.0
F5 Big-ip Access Policy Manager 12.1.1
F5 Big-ip Access Policy Manager 12.1.0
F5 Big-ip Application Security Manager 12.1.1
F5 Big-ip Application Security Manager 12.1.0
8.8
CVSSv3
CVE-2016-5020
F5 BIG-IP prior to 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script.
F5 Big-ip Wan Optimization Manager 10.2.3
F5 Big-ip Wan Optimization Manager 11.2.1
F5 Big-ip Wan Optimization Manager 10.2.2
F5 Big-ip Wan Optimization Manager 10.2.4
F5 Big-ip Wan Optimization Manager 10.2.1
F5 Big-ip Protocol Security Module 10.2.1
F5 Big-ip Protocol Security Module 10.2.4
F5 Big-ip Protocol Security Module 11.4.1
F5 Big-ip Protocol Security Module 11.4.0
F5 Big-ip Protocol Security Module 10.2.2
F5 Big-ip Protocol Security Module 10.2.3
F5 Big-ip Application Acceleration Manager 11.5.2
F5 Big-ip Application Acceleration Manager 12.0.0
F5 Big-ip Application Acceleration Manager 12.1.0
F5 Big-ip Application Acceleration Manager 11.4.1
F5 Big-ip Application Acceleration Manager 11.5.1
F5 Big-ip Application Acceleration Manager 11.6.1
F5 Big-ip Application Acceleration Manager 11.5.4
F5 Big-ip Application Acceleration Manager 11.5.3
F5 Big-ip Application Acceleration Manager 11.6.0
F5 Big-ip Application Acceleration Manager 11.5.0
F5 Big-ip Application Acceleration Manager 11.4.0
8.7
CVSSv3
CVE-2023-43746
When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the malicious user to cross a security boundary. Note: So...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Local Traffic Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
8.7
CVSSv3
CVE-2022-41800
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the malicious user to cross a secur...
F5 Big-ip Access Policy Manager 17.0.0
F5 Big-ip Analytics 17.0.0
F5 Big-ip Application Security Manager 17.0.0
F5 Big-ip Application Acceleration Manager 17.0.0
F5 Big-ip Policy Enforcement Manager 17.0.0
F5 Big-ip Local Traffic Manager 17.0.0
F5 Big-ip Link Controller 17.0.0
F5 Big-ip Global Traffic Manager 17.0.0
F5 Big-ip Fraud Protection Service 17.0.0
F5 Big-ip Domain Name System 17.0.0
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
1 Metasploit module
8.5
CVSSv3
CVE-2023-22374
A format string vulnerability exists in iControl SOAP that allows an authenticated malicious user to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the malicious user to c...
F5 Big-ip Application Security Manager 13.1.0
F5 Big-ip Advanced Firewall Manager 17.0.0
F5 Big-ip Advanced Firewall Manager 13.1.5
F5 Big-ip Access Policy Manager 17.0.0
F5 Big-ip Access Policy Manager 13.1.5
F5 Big-ip Analytics 17.0.0
F5 Big-ip Analytics 13.1.5
F5 Big-ip Application Security Manager 17.0.0
F5 Big-ip Application Acceleration Manager 17.0.0
F5 Big-ip Application Acceleration Manager 13.1.5
F5 Big-ip Policy Enforcement Manager 17.0.0
F5 Big-ip Policy Enforcement Manager 13.1.5
F5 Big-ip Local Traffic Manager 17.0.0
F5 Big-ip Local Traffic Manager 13.1.5
F5 Big-ip Link Controller 17.0.0
F5 Big-ip Link Controller 13.1.5
F5 Big-ip Fraud Protection Service 17.0.0
F5 Big-ip Fraud Protection Service 13.1.5
F5 Big-ip Domain Name System 17.0.0
F5 Big-ip Ssl Orchestrator 13.1.5
F5 Big-ip Ddos Hybrid Defender 13.1.5
F5 Big-ip Application Security Manager
1 Github repository
8.4
CVSSv3
CVE-2020-5945
In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate to full admin.
F5 Big-ip Application Acceleration Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Access Policy Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
8.3
CVSSv3
CVE-2021-22978
On BIG-IP version 16.0.x prior to 16.0.1, 15.1.x prior to 15.1.1, 14.1.x prior to 14.1.3.1, 13.1.x prior to 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP i...
F5 Big-ip Local Traffic Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Analytics
F5 Big-ip Access Policy Manager
F5 Big-ip Application Security Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Domain Name System
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Ssl Orchestrator
8.2
CVSSv3
CVE-2021-23012
On BIG-IP versions 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.4, and 13.1.x prior to 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administ...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Analytics
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Ssl Orchestrator
8.1
CVSSv3
CVE-2023-40537
An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Local Traffic Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627
CVE-2022-45803
CVE-2024-38319
camera
template injection
CVE-2024-27801
CVE-2024-0762
CVE-2024-5791
unauthorized
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »