Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
big-ip access policy manager vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2021-23046
On all versions of Guided Configuration prior to 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical...
F5 Big-ip Access Policy Manager
F5 Big-ip Guided Configuration
7.5
CVSSv3
CVE-2022-33203
In BIG-IP Versions 16.1.x prior to 16.1.3, 15.1.x prior to 15.1.6.1, and 14.1.x prior to 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software...
F5 Big-ip Access Policy Manager
F5 Big-ip Ssl Orchestrator
7.5
CVSSv3
CVE-2018-5544
When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages (pages with a logon agent or a confirm box), the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters.
F5 Big-ip Access Policy Manager
6.1
CVSSv3
CVE-2018-5548
On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.
F5 Big-ip Access Policy Manager
5.3
CVSSv3
CVE-2021-23047
On version 16.x prior to 16.1.0, 15.1.x prior to 15.1.3.1, 14.1.x prior to 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), u...
F5 Big-ip Access Policy Manager
6.1
CVSSv3
CVE-2021-23054
On version 16.x prior to 16.1.0, 15.1.x prior to 15.1.4, 14.1.x prior to 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured...
F5 Big-ip Access Policy Manager
7.5
CVSSv3
CVE-2023-22341
On version 14.1.x prior to 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * A...
F5 Big-ip Access Policy Manager
6.1
CVSSv3
CVE-2020-27726
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system.
F5 Big-ip Access Policy Manager
5.4
CVSSv3
CVE-2020-5853
In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict.
F5 Big-ip Access Policy Manager
7.5
CVSSv3
CVE-2020-5874
On BIG-IP APM 15.0.0-15.0.1.2, 14.1.0-14.1.2.3, and 14.0.0-14.0.1, in certain circumstances, an attacker sending specifically crafted requests to a BIG-IP APM virtual server may cause a disruption of service provided by the Traffic Management Microkernel(TMM).
F5 Big-ip Access Policy Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »