Vulnerabilities > F5 > BIG IP Access Policy Manager > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-14 CVE-2024-39778 Unspecified vulnerability in F5 products
When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5
7.5
2024-08-14 CVE-2024-41164 NULL Pointer Dereference vulnerability in F5 products
When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-476
7.5
2024-08-14 CVE-2024-41727 Allocation of Resources Without Limits or Throttling vulnerability in F5 products
In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-770
7.5
2023-10-26 CVE-2023-46748 SQL Injection vulnerability in F5 products
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
network
low complexity
f5 CWE-89
8.8
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-10-10 CVE-2023-5450 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
local
low complexity
f5
7.8
2023-09-27 CVE-2023-43124 Unspecified vulnerability in F5 products
BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
low complexity
f5
7.1
2023-09-27 CVE-2023-43125 Unspecified vulnerability in F5 products
BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
network
low complexity
f5
8.2
2023-08-02 CVE-2023-38418 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
local
low complexity
f5
7.8
2023-02-01 CVE-2023-22323 Allocation of Resources Without Limits or Throttling vulnerability in F5 products
In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization.
network
low complexity
f5 CWE-770
7.5