Vulnerabilities > F5 > BIG IP Application Acceleration Manager > 14.1.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-26 | CVE-2023-46747 | Missing Authentication for Critical Function vulnerability in F5 products Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 9.8 |
| 2023-10-26 | CVE-2023-46748 | SQL Injection vulnerability in F5 products An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 8.8 |
| 2023-10-10 | CVE-2023-41964 | Unspecified vulnerability in F5 products The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 6.5 |
| 2023-08-02 | CVE-2023-38138 | Unspecified vulnerability in F5 products A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 6.1 |
| 2023-08-02 | CVE-2023-38423 | Unspecified vulnerability in F5 products A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.4 |
| 2023-05-03 | CVE-2023-24594 | Resource Exhaustion vulnerability in F5 products When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.3 |
| 2023-05-03 | CVE-2023-27378 | Unspecified vulnerability in F5 products Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 6.1 |
| 2023-05-03 | CVE-2023-28406 | Unspecified vulnerability in F5 products A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. | 4.3 |
| 2023-02-01 | CVE-2023-22842 | Out-of-bounds Write vulnerability in F5 products On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. | 7.5 |
| 2023-02-01 | CVE-2023-23555 | Improper Initialization vulnerability in F5 products On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. | 7.5 |