Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
big-ip asm vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-23014
On versions 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.3, and 14.1.x prior to 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest privileges to uploa...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
5
CVSSv2
CVE-2021-23030
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x prior to 16.0.1.2, 15.1.x prior to 15.1.3.1, 14.1.x prior to 14.1.4.3, 13.1.x prior to 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to termi...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
4.3
CVSSv2
CVE-2021-23033
On BIG-IP Advanced WAF and BIG-IP ASM version 16.x prior to 16.1.0x, 15.1.x prior to 15.1.3.1, 14.1.x prior to 14.1.4.3, 13.1.x prior to 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminat...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
NA
CVE-2023-23552
On versions 17.0.x prior to 17.0.0.2, 16.1.x prior to 16.1.3.3, 15.1.0 prior to 15.1.8, 14.1.x prior to 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in ...
F5 Big-ip Application Security Manager
F5 Big-ip Advanced Web Application Firewall
4
CVSSv2
CVE-2022-23026
On BIG-IP ASM & Advanced WAF version 16.1.x prior to 16.1.2, 15.1.x prior to 15.1.4.1, 14.1.x prior to 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an in...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Acceleration Manager
4.3
CVSSv2
CVE-2021-23053
On version 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.3.1, and 13.1.x prior to 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run ou...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
4.3
CVSSv2
CVE-2014-9342
Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote malicious users to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation.
F5 Big-ip 11.3.0
7.8
CVSSv2
CVE-2018-5541
When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.5.1-11.5.6 is processing HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process.
F5 Big-ip Application Security Manager
5
CVSSv2
CVE-2021-23050
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x prior to 16.0.1.2 and 15.1.x prior to 15.1.3 and NGINX App Protect on all versions prior to 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may caus...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
F5 Nginx App Protect
3.5
CVSSv2
CVE-2020-5932
On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that ...
F5 Big-ip Application Security Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »