Vulnerabilities > F5 > BIG IP Fraud Protection Service > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-04 CVE-2022-35236 Resource Exhaustion vulnerability in F5 products
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization.
network
low complexity
f5 CWE-400
7.5
2022-08-04 CVE-2022-35240 Improper Resource Shutdown or Release vulnerability in F5 products
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.
network
low complexity
f5 CWE-404
7.5
2022-08-04 CVE-2022-35735 Injection vulnerability in F5 products
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation.
network
low complexity
f5 CWE-74
7.2
2022-05-05 CVE-2022-26071 Use of Insufficiently Random Values vulnerability in F5 products
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel (TMM) allows an attacker to quickly scan open UDP ports.
network
low complexity
f5 CWE-330
7.5
2022-05-05 CVE-2022-26370 Use of Uninitialized Resource vulnerability in F5 products
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-908
7.5
2022-05-05 CVE-2022-26372 Resource Exhaustion vulnerability in F5 products
On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when a DNS listener is configured on a virtual server with DNS queueing (default), undisclosed requests can cause an increase in memory resource utilization.
network
low complexity
f5 CWE-400
7.5
2022-05-05 CVE-2022-26517 Incorrect Calculation vulnerability in F5 products
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT (LSN) pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-682
7.5
2022-05-05 CVE-2022-27189 Incorrect Conversion between Numeric Types vulnerability in F5 products
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization.
network
low complexity
f5 CWE-681
7.5
2022-05-05 CVE-2022-28691 Resource Exhaustion vulnerability in F5 products
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when a Real Time Streaming Protocol (RTSP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) resource utilization.
network
low complexity
f5 CWE-400
7.5
2022-05-05 CVE-2022-28701 Resource Exhaustion vulnerability in F5 products
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.
network
low complexity
f5 CWE-400
7.5