Vulnerabilities > F5 > BIG IP Analytics > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-25 CVE-2022-23019 Improper Input Validation vulnerability in F5 products
On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a message routing type virtual server is configured with both Diameter Session and Router Profiles, undisclosed traffic can cause an increase in memory resource utilization.
network
low complexity
f5 CWE-20
7.5
2022-01-25 CVE-2022-23020 NULL Pointer Dereference vulnerability in F5 products
On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' setting is enabled on the Request Logging profile and configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-476
7.5
2022-01-25 CVE-2022-23021 NULL Pointer Dereference vulnerability in F5 products
On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP Profile.
network
low complexity
f5 CWE-476
7.5
2022-01-25 CVE-2022-23022 NULL Pointer Dereference vulnerability in F5 products
On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-476
7.5
2022-01-25 CVE-2022-23025 NULL Pointer Dereference vulnerability in F5 products
On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, when a SIP ALG profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-476
7.5
2021-11-11 CVE-2002-20001 Resource Exhaustion vulnerability in multiple products
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack.
network
low complexity
balasys siemens suse f5 hpe stormshield CWE-400
7.5
2021-09-14 CVE-2021-23026 Cross-Site Request Forgery (CSRF) vulnerability in F5 products
BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.
network
low complexity
f5 CWE-352
8.8
2021-09-14 CVE-2021-23025 OS Command Injection vulnerability in F5 products
On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility.
network
low complexity
f5 CWE-78
8.8
2021-09-14 CVE-2021-23034 Exposure of Resource to Wrong Sphere vulnerability in F5 products
On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when a DNS profile using a DNS cache resolver is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate.
network
low complexity
f5 CWE-668
7.5
2021-09-14 CVE-2021-23035 Unspecified vulnerability in F5 products
On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5
7.5