Vulnerabilities > F5 > BIG IP Application Security Manager > High

DATE CVE VULNERABILITY TITLE RISK
2021-09-14 CVE-2021-23030 Improper Input Validation vulnerability in F5 Big-Ip Application Security Manager
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate.
network
low complexity
f5 CWE-20
7.5
2021-09-14 CVE-2021-23036 Improper Input Validation vulnerability in F5 products
On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-20
7.5
2021-09-14 CVE-2021-23033 Unspecified vulnerability in F5 products
On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate.
network
low complexity
f5
7.5
2021-09-14 CVE-2021-23034 Exposure of Resource to Wrong Sphere vulnerability in F5 products
On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when a DNS profile using a DNS cache resolver is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate.
network
low complexity
f5 CWE-668
7.5
2021-09-14 CVE-2021-23035 Unspecified vulnerability in F5 products
On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5
7.5
2021-09-14 CVE-2021-23039 Unspecified vulnerability in F5 products
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of 13.1.x and 12.1.x, when IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote (IPSec) peer, which already has a negotiated Security Association, can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5
7.5
2021-09-14 CVE-2021-23045 Unspecified vulnerability in F5 products
On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when an SCTP profile with multiple paths is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5
7.5
2021-09-14 CVE-2021-23044 Unspecified vulnerability in F5 products
On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when the Intel QuickAssist Technology (QAT) compression driver is used on affected BIG-IP hardware and BIG-IP Virtual Edition (VE) platforms, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5
7.5
2021-09-14 CVE-2021-23042 Resource Exhaustion vulnerability in F5 products
On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6, when an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization.
network
low complexity
f5 CWE-400
7.5
2021-09-14 CVE-2021-23048 Unspecified vulnerability in F5 products
On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when GPRS Tunneling Protocol (GTP) iRules commands or a GTP profile is configured on a virtual server, undisclosed GTP messages can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5
7.5