Vulnerabilities > F5 > BIG IP Access Policy Manager > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-14 | CVE-2024-39778 | Unspecified vulnerability in F5 products When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
2024-08-14 | CVE-2024-41164 | NULL Pointer Dereference vulnerability in F5 products When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
2024-08-14 | CVE-2024-41727 | Allocation of Resources Without Limits or Throttling vulnerability in F5 products In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
2023-10-26 | CVE-2023-46748 | SQL Injection vulnerability in F5 products An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 8.8 |
2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
2023-10-10 | CVE-2023-5450 | Unspecified vulnerability in F5 Big-Ip Access Policy Manager An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.8 |
2023-09-27 | CVE-2023-43124 | Unspecified vulnerability in F5 products BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated low complexity f5 | 7.1 |
2023-09-27 | CVE-2023-43125 | Unspecified vulnerability in F5 products BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 8.2 |
2023-08-02 | CVE-2023-38418 | Unspecified vulnerability in F5 Big-Ip Access Policy Manager The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.8 |
2023-02-01 | CVE-2023-22323 | Allocation of Resources Without Limits or Throttling vulnerability in F5 products In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. | 7.5 |