Big Ip Application Visibility And Reporting
big-ip_application_visibility_and_reporting
Vendor: F5 • 70 CVEs
CVEs (70)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1F5 21Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+18 moreFeb 4, 2026 May 8, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Under certain conditions, a data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. This leak occurs randomly and cannot be deliberately triggered. If i...Show more |
1F5 21Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+18 moreOct 21, 2025 May 8, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Softwa...Show more |
1F5 21Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+18 moreOct 21, 2025 May 8, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (...Show more |
1F5 21Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+18 moreOct 21, 2025 May 8, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Sof...Show more |
1F5 22Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+19 moreOct 21, 2025 May 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are n...Show more |
1F5 20Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+17 moreOct 27, 2025 Oct 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/...Show more |
1F5 20Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+17 moreOct 27, 2025 Oct 26, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system command...Show more |
33Akka AmazonApache+30 more165.net 3scale Api Management PlatformAdvanced Cluster Management For Kubernetes+162 moreMay 12, 2026 Oct 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
1F5 19Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+16 moreNov 21, 2024 Oct 10, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive informatio...Show more |
1F5 18Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+15 moreNov 21, 2024 Oct 10, 2023 N/A· v4 8.7 HIGH· v3 N/A· v2 When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can al...Show more |
1F5 19Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+16 moreNov 21, 2024 Oct 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software vers...Show more |
1F5 19Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+16 moreNov 21, 2024 Oct 10, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...Show more |
1F5 19Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+16 moreNov 21, 2024 Oct 10, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP...Show more |
1F5 20Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+17 moreNov 21, 2024 Oct 10, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2
The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
1F5 18Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+15 moreNov 21, 2024 Oct 10, 2023 N/A· v4 9.9 CRITICAL· v3 N/A· v2 A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful...Show more |
1F5 19Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+16 moreNov 21, 2024 Oct 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2
When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
|
1F5 19Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+16 moreSep 19, 2025 Oct 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of T...Show more |
1F5 18Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+15 moreNov 21, 2024 Oct 10, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of T...Show more |
1F5 20Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+17 moreNov 21, 2024 Oct 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed req...Show more |
1F5 30Big Ip 10200v F Firmware Big Ip 10350v F FirmwareBig Ip 11000 F Firmware+27 moreNov 21, 2024 Aug 2, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the...Show more |