Vulnerabilities > F5 > BIG IP Fraud Protection Service

DATE CVE VULNERABILITY TITLE RISK
2023-05-03 CVE-2023-27378 Unspecified vulnerability in F5 products
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5
6.1
2023-05-03 CVE-2023-28406 Unspecified vulnerability in F5 products
A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension.
network
low complexity
f5
4.3
2023-02-01 CVE-2023-22302 Missing Release of Resource after Effective Lifetime vulnerability in F5 products
In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate.
network
high complexity
f5 CWE-772
5.9
2023-02-01 CVE-2023-22323 Allocation of Resources Without Limits or Throttling vulnerability in F5 products
In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization.
network
low complexity
f5 CWE-770
7.5
2023-02-01 CVE-2023-22326 Incorrect Permission Assignment for Critical Resource vulnerability in F5 products
In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information.
network
low complexity
f5 CWE-732
4.9
2023-02-01 CVE-2023-22340 NULL Pointer Dereference vulnerability in F5 products
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate.
network
low complexity
f5 CWE-476
7.5
2023-02-01 CVE-2023-22418 Open Redirect vulnerability in F5 products
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy.
network
low complexity
f5 CWE-601
6.1
2023-02-01 CVE-2023-22422 Classic Buffer Overflow vulnerability in F5 products
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-120
7.5
2023-02-01 CVE-2023-22664 Resource Exhaustion vulnerability in F5 products
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization.
network
low complexity
f5 CWE-400
7.5
2023-02-01 CVE-2023-22842 Out-of-bounds Write vulnerability in F5 products
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-787
7.5