f5
1,031 tracked vulnerabilities.
CVE-2022-23024
HIGH
BIG-IP AFM DoS via IPsec ALG Logging Profile (13.1.x < 13.1.4, 14.1.x < 14.1.4.2, 15.1.x < 15.1.4.1, 16.x < 16.1.0)
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23023
MEDIUM
F5 BIG-IP 12.1.0-12.1.4 - Authenticated Uncontrolled Resource Consumption via iControl REST
Jan 25, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-23022
HIGH
F5 BIG-IP 16.1.0-16.1.1 - Denial of Service via HTTP Profile
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23021
HIGH
F5 BIG-IP 16.1.0-16.1.1 - Denial of Service via TMM Termination
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23020
HIGH
F5 BIG-IP 16.1.0-16.1.1 - Denial of Service via Request Logging Profile
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23019
HIGH
F5 BIG-IP 12.1.0-12.1.5 - Denial of Service via Diameter Session and Router Profiles
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23018
HIGH
BIG-IP AFM DoS via HTTP Protocol Security and HTTP Proxy Connect
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23017
HIGH
F5 BIG-IP 13.1.0-13.1.3 - Denial of Service via DNS Profile Rapid Response Mode
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23016
HIGH
BIG-IP 15.1.0-15.1.4 - Denial of Service via TLS 1.3 SSL Forward Proxy
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23015
HIGH
F5 BIG-IP 14.1.2.6-14.1.4.4, 15.1.x < 15.1.4.1, 16.x < 16.1.0 - Uncontrolled Resource Consumption via Client SSL Profile
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23014
MEDIUM
BIG-IP APM 15.1.0-15.1.4.1 and 16.1.0-16.1.2 - Denial of Service via Portal Access Virtual Server
Jan 25, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-23013
HIGH
BIG-IP DNS & GTM 11.6.0-11.6.4, 12.1.x, 13.1.x, 14.1.0-14.1.4.3, 15.1.0-15.1.3, 16.0.x - DOM-based Cross-Site Scripting
Jan 25, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-23012
HIGH
F5 BIG-IP 14.1.0-14.1.4.5 - Denial of Service via HTTP/2 Profile
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23011
HIGH
BIG-IP 14.1.0-14.1.2 - Denial of Service via SYN Cookie Protection
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23010
HIGH
F5 BIG-IP 11.6.0-11.6.4 - Memory Exhaustion via FastL4 and HTTP Profile Configuration
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23009
HIGH
BIG-IQ Centralized Management 8.x - Authenticated Incorrect Authorization
Jan 25, 2022
CVSS 7.2
EPSS 0.01
CVE-2022-23008
MEDIUM
F5 NGINX Controller API Management 3.18.0-3.19.0 - Authenticated JavaScript Injection via Undisclosed API Endpoints
Jan 25, 2022
CVSS 5.4
EPSS 0.01
CVE-2021-23055
MEDIUM
NGINX Ingress Controller <2.0.3-1.12.3 - Command Injection
Apr 21, 2022
CVSS 6.5
EPSS 0.01
CVE-2021-3618
HIGH
F5 NGINX < 1.21.0 - Improper Certificate Validation
Mar 23, 2022
CVSS 7.4
EPSS 0.02
CVE-2021-46463
CRITICAL
njs < 0.7.1 - Control Flow Hijack via Type Confusion in njs_promise_perform_then()
Feb 14, 2022
CVSS 9.8
EPSS 0.02
CVE-2021-46462
HIGH
njs < 0.7.1 - Denial of Service via njs_object_set_prototype
Feb 14, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-42717
HIGH
OWASP ModSecurity 2.8.0-2.9.4 and 3.0.0-3.0.5 - Denial of Service via Excessively Nested JSON Objects
Dec 07, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-23054
MEDIUM
BIG-IP Access Policy Manager 11.6.1-11.6.4 - Authenticated Reflected Cross-Site Scripting in Resource Information Page
Sep 27, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-40438
CRITICAL
KEVNUCLEI
Apache HTTP Server <2.4.48 - SSRF
Sep 16, 2021
CVSS 9.0
EPSS 1.00
CVE-2021-23029
HIGH
F5 BIG-IP Advanced WAF and ASM 16.0.0-16.0.1.1 - Authenticated Server-Side Request Forgery
Sep 14, 2021
CVSS 8.8
EPSS 0.01
Products
big-ip_access_policy_manager 628
big-ip_application_security_manager 581
big-ip_advanced_firewall_manager 552
big-ip_local_traffic_manager 541
big-ip_policy_enforcement_manager 533
big-ip_link_controller 525
big-ip_application_acceleration_manager 524
big-ip_analytics 511
big-ip_global_traffic_manager 490
big-ip_domain_name_system 469
big-ip_fraud_protection_service 405
big-ip_webaccelerator 297
big-ip_edge_gateway 293
big-ip_advanced_web_application_firewall 195
big-ip_websafe 175
big-ip_ddos_hybrid_defender 166
big-ip_ssl_orchestrator 147
big-ip_carrier-grade_nat 109
big-ip_application_visibility_and_reporting 108
big-ip_container_ingress_services 86
big-ip_automation_toolchain 85
big-iq_centralized_management 85
big-ip_protocol_security_module 61
BIG-IP 46
nginx 42
njs 40
enterprise_manager 39
big-ip_wan_optimization_manager 38
traffix_signaling_delivery_controller 31
ssl_orchestrator 27
Quick Filters