Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
big-ip apm vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2022-23032
In all versions prior to 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Suppor...
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager Client
6.1
CVSSv3
CVE-2021-23054
On version 16.x prior to 16.1.0, 15.1.x prior to 15.1.4, 14.1.x prior to 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured...
F5 Big-ip Access Policy Manager
5.3
CVSSv3
CVE-2021-23047
On version 16.x prior to 16.1.0, 15.1.x prior to 15.1.3.1, 14.1.x prior to 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), u...
F5 Big-ip Access Policy Manager
6.1
CVSSv3
CVE-2021-23052
On version 14.1.x prior to 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. Note: Software versions whi...
F5 Big-ip Access Policy Manager
5.3
CVSSv3
CVE-2021-23016
On BIG-IP APM versions 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.4.1, 13.1.x prior to 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending spe...
F5 Big-ip Access Policy Manager
9.8
CVSSv3
CVE-2021-23008
On version 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.4, 13.1.x prior to 13.1.4, 12.1.x prior to 12.1.6, and all versions of 16.0.x and 11.6.x., BIG-IP APM AD (Active Directory) authentication can be bypassed via a spoofed AS-REP (Kerberos Authentication Service Response) respo...
NA
CVE-1111-1111
F5 BIG-IP APM AD authentication vulnerability. BIG-IP APM AD (Active Directory) authentication can be bypassed using a spoofed AS-REP (Kerberos Authentication Service Response) response sent over a hijacked KDC (Kerberos Key Distribution Center) connection, or from an AD server c...
4.5
CVSSv3
CVE-2021-23002
When using BIG-IP APM 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.2.1, 14.1.x prior to 14.1.4, 13.1.x prior to 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x prior to 7.2.1.1, 7.1.9.x prior to 7.1.9.8, or 7.1.8.x prior to 7.1.8.5, the session ID is...
F5 Access Policy Manager Clients
F5 Big-ip Access Policy Manager
7.8
CVSSv3
CVE-2021-22980
In Edge Client version 7.2.x prior to 7.2.1.1, 7.1.9.x prior to 7.1.9.8, and 7.1.x-7.1.8.x prior to 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an malicious user to load a malicious DLL library fro...
F5 Access Policy Manager Clients
F5 Big-ip Access Policy Manager
7.5
CVSSv3
CVE-2021-22985
On BIG-IP APM version 16.0.x prior to 16.0.1.1, under certain conditions, when processing VPN traffic with APM, TMM consumes excessive memory. A malicious, authenticated VPN user may abuse this to perform a DoS attack against the APM. Note: Software versions which have reached En...
F5 Big-ip Application Security Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »