Vulnerabilities > F5 > BIG IP SSL Orchestrator > 16.1.3.1

DATE CVE VULNERABILITY TITLE RISK
2023-02-01 CVE-2023-22340 NULL Pointer Dereference vulnerability in F5 products
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate.
network
low complexity
f5 CWE-476
7.5
7.5
2023-02-01 CVE-2023-22418 Open Redirect vulnerability in F5 products
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy.
network
low complexity
f5 CWE-601
6.1
6.1
2023-02-01 CVE-2023-22422 Classic Buffer Overflow vulnerability in F5 products
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-120
7.5
7.5
2023-02-01 CVE-2023-22664 Resource Exhaustion vulnerability in F5 products
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization.
network
low complexity
f5 CWE-400
7.5
7.5
2023-02-01 CVE-2023-22842 Out-of-bounds Write vulnerability in F5 products
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-787
7.5
7.5
2021-11-11 CVE-2002-20001 Resource Exhaustion vulnerability in multiple products
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack.
network
low complexity
balasys siemens suse f5 hpe stormshield CWE-400
7.5
7.5