Vulnerabilities > F5 > BIG IP Advanced Firewall Manager > 15.1.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-01 | CVE-2023-22326 | Incorrect Permission Assignment for Critical Resource vulnerability in F5 products In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. | 4.9 |
| 2023-02-01 | CVE-2023-22374 | Use of Externally-Controlled Format String vulnerability in F5 products A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. | 8.5 |
| 2023-02-01 | CVE-2023-22842 | Out-of-bounds Write vulnerability in F5 products On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. | 7.5 |
| 2022-12-07 | CVE-2022-41800 | Command Injection vulnerability in F5 products In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. | 8.7 |
| 2021-11-11 | CVE-2002-20001 | Resource Exhaustion vulnerability in multiple products The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. | 7.5 |