Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 big-ip advanced web application firewall vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-23053
On version 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.3.1, and 13.1.x prior to 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run ou...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
383
VMScore
CVE-2021-22994
On BIG-IP versions 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.2.1, 14.1.x prior to 14.1.4, 13.1.x prior to 13.1.3.6, 12.1.x prior to 12.1.5.3, and 11.6.x prior to 11.6.5.3, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Ssl Orchestrator
383
VMScore
CVE-2021-23000
On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicio...
F5 Big-ip Access Policy Manager 12.1.5.2
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager 12.1.5.2
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Advanced Web Application Firewall 12.1.5.2
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics 12.1.5.2
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager 12.1.5.2
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager 12.1.5.2
F5 Big-ip Application Security Manager
F5 Big-ip Ddos Hybrid Defender 12.1.5.2
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Domain Name System 12.1.5.2
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service 12.1.5.2
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager 12.1.5.2
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller 12.1.5.2
F5 Big-ip Link Controller
383
VMScore
CVE-2021-22979
On BIG-IP version 16.0.x prior to 16.0.1, 15.1.x prior to 15.1.1, 14.1.x prior to 14.1.2.8, 13.1.x prior to 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protect...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
383
VMScore
CVE-2021-22975
On BIG-IP version 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.2.1, and 14.1.x prior to 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic. Note: Software versions which have reached En...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
383
VMScore
CVE-2020-27728
On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices.
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
383
VMScore
CVE-2020-27719
On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Ssl Orchestrator
383
VMScore
CVE-2020-5939
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface Controller (NIC) card and Single Root I/O Virtualization (SR-IOV) enabled on vSphere, ma...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
383
VMScore
CVE-2013-3587
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle malicious users to obtain plaintext secret values by observing length differences ...
F5 Big-ip Access Policy Manager 13.0.0
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager 13.0.0
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics 13.0.0
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager 13.0.0
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager 13.0.0
F5 Big-ip Application Security Manager
F5 Big-ip Edge Gateway
F5 Big-ip Link Controller 13.0.0
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager 13.0.0
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager 13.0.0
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Protocol Security Module
F5 Big-ip Wan Optimization Manager
F5 Big-ip Webaccelerator
F5 Firepass 7.0.0
F5 Firepass
1 Github repository
383
VMScore
CVE-2014-4023
Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 prior to 11.6.0 and 10.1.0 up to and including 10.2.4, AAM 11.4.0 prior to 11.6.0, AFM and PEM 11.3.0 prior to 11.6.0, Anal...
F5 Big-ip Advanced Firewall Manager 11.5.1
F5 Big-ip Advanced Firewall Manager 11.5.0
F5 Big-ip Advanced Firewall Manager 11.4.1
F5 Big-ip Advanced Firewall Manager 11.3.0
F5 Big-ip Advanced Firewall Manager 11.4.0
F5 Big-ip Policy Enforcement Manager 11.4.0
F5 Big-ip Policy Enforcement Manager 11.5.0
F5 Big-ip Policy Enforcement Manager 11.5.1
F5 Big-ip Policy Enforcement Manager 11.3.0
F5 Big-ip Policy Enforcement Manager 11.4.1
F5 Big-ip Application Security Manager 10.2.1
F5 Big-ip Application Security Manager 10.2.3
F5 Big-ip Application Security Manager 11.4.0
F5 Big-ip Application Security Manager 11.5.0
F5 Big-ip Application Security Manager 10.1.0
F5 Big-ip Application Security Manager 11.5.1
F5 Big-ip Application Security Manager 11.0.0
F5 Big-ip Application Security Manager 11.1.0
F5 Big-ip Application Security Manager 11.2.0
F5 Big-ip Application Security Manager 11.2.1
F5 Big-ip Application Security Manager 10.2.0
F5 Big-ip Application Security Manager 10.2.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »