Vulnerabilities > F5 > BIG IP Domain Name System > 13.1.3.3

DATE CVE VULNERABILITY TITLE RISK
2022-10-19 CVE-2022-41983 Cleartext Transmission of Sensitive Information vulnerability in F5 products
On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied.
network
high complexity
f5 CWE-319
3.7
3.7
2022-08-04 CVE-2022-32455 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in F5 products
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-119
7.5
7.5
2022-05-05 CVE-2022-1388 Missing Authentication for Critical Function vulnerability in F5 products
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication.
network
low complexity
f5 CWE-306
critical
 9.8
9.8
2022-05-05 CVE-2022-26415 Command Injection vulnerability in F5 products
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint.
network
low complexity
f5 CWE-77
critical
 9.1
9.1
2022-01-25 CVE-2022-23010 Improper Resource Shutdown or Release vulnerability in F5 products
On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile and an HTTP profile are configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.
network
f5 CWE-404
7.1
7.1
2022-01-25 CVE-2022-23013 Cross-site Scripting vulnerability in F5 Big-Ip Domain Name System
On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user.
network
f5 CWE-79
4.3
4.3
2022-01-25 CVE-2022-23017 NULL Pointer Dereference vulnerability in F5 products
On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when a virtual server is configured with a DNS profile with the Rapid Response Mode setting enabled and is configured on a BIG-IP system, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
f5 CWE-476
7.1
7.1
2022-01-25 CVE-2022-23019 Improper Input Validation vulnerability in F5 products
On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a message routing type virtual server is configured with both Diameter Session and Router Profiles, undisclosed traffic can cause an increase in memory resource utilization.
network
f5 CWE-20
7.1
7.1
2022-01-25 CVE-2022-23023 Resource Exhaustion vulnerability in F5 products
On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by an authenticated iControl REST user can cause an increase in memory resource utilization.
network
low complexity
f5 CWE-400
4.0
4.0
2022-01-25 CVE-2022-23025 NULL Pointer Dereference vulnerability in F5 products
On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, when a SIP ALG profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
f5 CWE-476
4.3
4.3