Vulnerabilities > F5 > BIG IP Application Acceleration Manager > High

DATE CVE VULNERABILITY TITLE RISK
2023-02-01 CVE-2023-23555 Improper Initialization vulnerability in F5 products
On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-665
7.5
2022-12-07 CVE-2022-41622 Cross-Site Request Forgery (CSRF) vulnerability in F5 products
In all versions,  BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-352
8.8
2022-12-07 CVE-2022-41800 Command Injection vulnerability in F5 products
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint.
network
low complexity
f5 CWE-77
8.7
2022-10-19 CVE-2022-36795 Unspecified vulnerability in F5 products
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections.
network
low complexity
f5
7.5
2022-10-19 CVE-2022-41624 Unspecified vulnerability in F5 products
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization.
network
low complexity
f5
7.5
2022-10-19 CVE-2022-41832 Unspecified vulnerability in F5 products
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization.
network
low complexity
f5
7.5
2022-10-19 CVE-2022-41833 Unspecified vulnerability in F5 products
In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5
7.5
2022-08-04 CVE-2022-34651 Unspecified vulnerability in F5 products
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5
7.5
2022-08-04 CVE-2022-34655 Use of Uninitialized Resource vulnerability in F5 products
In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-908
7.5
2022-08-04 CVE-2022-34844 Unspecified vulnerability in F5 products
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5
7.5