Vulnerabilities > F5 > BIG IP Local Traffic Manager

DATE CVE VULNERABILITY TITLE RISK
2022-08-04 CVE-2022-34851 Unspecified vulnerability in F5 products
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests.
network
low complexity
f5
6.5
2022-08-04 CVE-2022-34862 Infinite Loop vulnerability in F5 products
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-835
7.5
2022-08-04 CVE-2022-34865 Unspecified vulnerability in F5 products
In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning.
network
low complexity
f5
critical
9.1
2022-08-04 CVE-2022-35236 Unspecified vulnerability in F5 products
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization.
network
low complexity
f5
7.5
2022-08-04 CVE-2022-35240 Unspecified vulnerability in F5 products
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.
network
low complexity
f5
7.5
2022-08-04 CVE-2022-35243 Unspecified vulnerability in F5 products
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint.
network
low complexity
f5
critical
9.1
2022-08-04 CVE-2022-35272 Unspecified vulnerability in F5 products
In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate.
local
low complexity
f5
5.5
2022-08-04 CVE-2022-35728 Unspecified vulnerability in F5 products
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility.
network
low complexity
f5
critical
9.8
2022-08-04 CVE-2022-35735 Unspecified vulnerability in F5 products
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation.
network
low complexity
f5
7.2
2022-05-05 CVE-2022-1389 Unspecified vulnerability in F5 products
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.
network
low complexity
f5
4.3