Latest CVE Feed
-
8.8
HIGHCVE-2021-23029
On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration... Read more
- EPSS Score: %0.28
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-23028
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied... Read more
- EPSS Score: %0.61
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-23027
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in ... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +4 more products- EPSS Score: %0.64
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-23026
BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks thr... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +5 more products- EPSS Score: %0.30
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-23025
On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which hav... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +4 more products- EPSS Score: %1.12
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-23024
On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) ar... Read more
Affected Products : big-iq_centralized_management- EPSS Score: %4.89
- Published: Jun. 10, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-23023
On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not ... Read more
Affected Products : big-ip_access_policy_manager- EPSS Score: %0.09
- Published: Jun. 10, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-23022
On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are n... Read more
- EPSS Score: %0.14
- Published: Jun. 10, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-23021
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.... Read more
Affected Products : nginx_controller- EPSS Score: %0.18
- Published: Jun. 01, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-23020
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.... Read more
Affected Products : nginx_controller- EPSS Score: %0.19
- Published: Jun. 01, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-23019
The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.... Read more
Affected Products : nginx_controller- EPSS Score: %0.19
- Published: Jun. 01, 2021
- Modified: Nov. 21, 2024
-
7.4
HIGHCVE-2021-23018
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster.... Read more
Affected Products : nginx_controller- EPSS Score: %0.26
- Published: Jun. 01, 2021
- Modified: Nov. 21, 2024
-
7.7
HIGHCVE-2021-23017
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.... Read more
- EPSS Score: %79.44
- Published: Jun. 01, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-23016
On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM ... Read more
Affected Products : big-ip_access_policy_manager- EPSS Score: %0.26
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-23015
On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utiliz... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +4 more products- EPSS Score: %0.09
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-23014
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest ... Read more
- EPSS Score: %0.28
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-23013
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (S... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +4 more products- EPSS Score: %0.80
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
8.2
HIGHCVE-2021-23012
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Admini... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +4 more products- EPSS Score: %0.19
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-23011
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, when the BIG-IP system is buffering packet fragments for reassembly, the Traffic Management Microkernel... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +4 more products- EPSS Score: %0.65
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-23010
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Pr... Read more
Affected Products : big-ip_application_security_manager- EPSS Score: %0.65
- Published: May. 10, 2021
- Modified: Nov. 21, 2024