Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 big-ip application security manager vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-22993
On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.2, 14.1.x prior to 14.1.3.1, 13.1.x prior to 13.1.3.6, and 12.1.x prior to 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Softw...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
8.8
CVSSv3
CVE-2021-22988
On BIG-IP versions 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.2.1, 14.1.x prior to 14.1.4, 13.1.x prior to 13.1.3.6, 12.1.x prior to 12.1.5.3, and 11.6.x prior to 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vuln...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Ssl Orchestrator
1 Article
8.8
CVSSv3
CVE-2020-5922
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser.
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Ssl Orchestrator
8.8
CVSSv3
CVE-2020-5904
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page.
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
8.8
CVSSv3
CVE-2019-6646
On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges.
F5 Big-ip Application Acceleration Manager 12.0.0
F5 Big-ip Advanced Firewall Manager 12.0.0
F5 Big-ip Analytics 12.0.0
F5 Big-ip Domain Name System
F5 Big-ip Edge Gateway
F5 Big-ip Link Controller 12.0.0
F5 Big-ip Policy Enforcement Manager 12.0.0
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 12.0.0
F5 Big-ip Application Security Manager
F5 Big-ip Application Security Manager 12.0.0
F5 Big-ip Webaccelerator
F5 Big-ip Webaccelerator 12.0.0
F5 Enterprise Manager 3.1.1
F5 Big-ip Local Traffic Manager
F5 Big-ip Local Traffic Manager 12.0.0
F5 Big-ip Application Acceleration Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Fraud Protection Service 12.0.0
F5 Big-ip Global Traffic Manager
F5 Big-ip Global Traffic Manager 12.0.0
F5 Big-ip Advanced Firewall Manager
8.8
CVSSv3
CVE-2019-6642
In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to ...
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 15.0.0
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Advanced Firewall Manager 15.0.0
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Acceleration Manager 15.0.0
F5 Big-ip Link Controller
F5 Big-ip Link Controller 15.0.0
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Policy Enforcement Manager 15.0.0
F5 Big-ip Webaccelerator
F5 Big-ip Webaccelerator 15.0.0
F5 Big-ip Application Security Manager
F5 Big-ip Application Security Manager 15.0.0
F5 Big-ip Local Traffic Manager
F5 Big-ip Local Traffic Manager 15.0.0
F5 Big-ip Fraud Protection Service
F5 Big-ip Fraud Protection Service 15.0.0
F5 Big-ip Global Traffic Manager
F5 Big-ip Global Traffic Manager 15.0.0
F5 Big-ip Analytics
F5 Big-ip Analytics 15.0.0
8.8
CVSSv3
CVE-2019-13135
ImageMagick prior to 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
Imagemagick Imagemagick
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
F5 Big-ip Application Acceleration Manager
F5 Big-ip Webaccelerator
8.8
CVSSv3
CVE-2016-9251
In F5 BIG-IP 12.0.0 up to and including 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.
F5 Big-ip Local Traffic Manager 12.0.0
F5 Big-ip Local Traffic Manager 12.1.1
F5 Big-ip Local Traffic Manager 12.1.2
F5 Big-ip Local Traffic Manager 12.1.0
F5 Big-ip Application Acceleration Manager 12.1.0
F5 Big-ip Application Acceleration Manager 12.0.0
F5 Big-ip Application Acceleration Manager 12.1.1
F5 Big-ip Application Acceleration Manager 12.1.2
F5 Big-ip Advanced Firewall Manager 12.1.2
F5 Big-ip Advanced Firewall Manager 12.0.0
F5 Big-ip Advanced Firewall Manager 12.1.1
F5 Big-ip Advanced Firewall Manager 12.1.0
F5 Big-ip Analytics 12.1.2
F5 Big-ip Analytics 12.1.1
F5 Big-ip Analytics 12.1.0
F5 Big-ip Analytics 12.0.0
F5 Big-ip Access Policy Manager 12.1.1
F5 Big-ip Access Policy Manager 12.1.0
F5 Big-ip Access Policy Manager 12.1.2
F5 Big-ip Access Policy Manager 12.0.0
F5 Big-ip Application Security Manager 12.1.0
F5 Big-ip Application Security Manager 12.1.1
8.8
CVSSv3
CVE-2016-5020
F5 BIG-IP prior to 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script.
F5 Big-ip Wan Optimization Manager 11.2.1
F5 Big-ip Wan Optimization Manager 10.2.4
F5 Big-ip Wan Optimization Manager 10.2.2
F5 Big-ip Wan Optimization Manager 10.2.3
F5 Big-ip Wan Optimization Manager 10.2.1
F5 Big-ip Protocol Security Module 11.4.1
F5 Big-ip Protocol Security Module 11.4.0
F5 Big-ip Protocol Security Module 10.2.4
F5 Big-ip Protocol Security Module 10.2.3
F5 Big-ip Protocol Security Module 10.2.2
F5 Big-ip Protocol Security Module 10.2.1
F5 Big-ip Application Acceleration Manager 11.4.1
F5 Big-ip Application Acceleration Manager 11.4.0
F5 Big-ip Application Acceleration Manager 12.1.0
F5 Big-ip Application Acceleration Manager 11.6.1
F5 Big-ip Application Acceleration Manager 11.6.0
F5 Big-ip Application Acceleration Manager 11.5.4
F5 Big-ip Application Acceleration Manager 11.5.2
F5 Big-ip Application Acceleration Manager 11.5.0
F5 Big-ip Application Acceleration Manager 12.0.0
F5 Big-ip Application Acceleration Manager 11.5.3
F5 Big-ip Application Acceleration Manager 11.5.1
8.7
CVSSv3
CVE-2023-43746
When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the malicious user to cross a security boundary. Note: So...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Local Traffic Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »