Vulnerabilities > F5 > High

DATE CVE VULNERABILITY TITLE RISK
2022-02-14 CVE-2021-46462 Unspecified vulnerability in F5 NJS
njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.
network
low complexity
f5
7.5
2022-01-25 CVE-2022-23009 Incorrect Authorization vulnerability in F5 Big-Iq Centralized Management 8.0.0
On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system.
network
low complexity
f5 CWE-863
7.2
2022-01-25 CVE-2022-23010 Improper Resource Shutdown or Release vulnerability in F5 products
On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile and an HTTP profile are configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.
network
low complexity
f5 CWE-404
7.5
2022-01-25 CVE-2022-23011 Incorrect Calculation vulnerability in F5 products
On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 and 14.1.x before 14.1.3, virtual servers may stop responding while processing TCP traffic due to an issue in the SYN Cookie Protection feature.
network
low complexity
f5 CWE-682
7.5
2022-01-25 CVE-2022-23012 Double Free vulnerability in F5 products
On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-415
7.5
2022-01-25 CVE-2022-23013 Cross-site Scripting vulnerability in F5 products
On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user.
network
low complexity
f5 CWE-79
8.8
2022-01-25 CVE-2022-23015 Resource Exhaustion vulnerability in F5 products
On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14.1.2.6-14.1.4.4, when a Client SSL profile is configured on a virtual server with Client Certificate Authentication set to request/require and Session Ticket enabled and configured, processing SSL traffic can cause an increase in memory resource utilization.
network
low complexity
f5 CWE-400
7.5
2022-01-25 CVE-2022-23016 NULL Pointer Dereference vulnerability in F5 products
On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-476
7.5
2022-01-25 CVE-2022-23017 NULL Pointer Dereference vulnerability in F5 products
On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when a virtual server is configured with a DNS profile with the Rapid Response Mode setting enabled and is configured on a BIG-IP system, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-476
7.5
2022-01-25 CVE-2022-23018 Improper Handling of Exceptional Conditions vulnerability in F5 Big-Ip Advanced Firewall Manager
On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-755
7.5