Latest CVE Feed
-
7.5
HIGHCVE-2021-23039
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of 13.1.x and 12.1.x, when IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote (IPSec) peer, which already has a negotiate... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +1 more products- EPSS Score: %0.57
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
9.0
CRITICALCVE-2021-23038
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +1 more products- EPSS Score: %0.54
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2021-23037
On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the cont... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +1 more products- EPSS Score: %1.18
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-23036
On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical... Read more
- EPSS Score: %0.61
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-23035
On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached E... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +1 more products- EPSS Score: %0.86
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-23034
On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when a DNS profile using a DNS cache resolver is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software ... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +1 more products- EPSS Score: %0.92
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-23033
On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cau... Read more
- EPSS Score: %0.65
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-23032
On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a BIG-IP DNS system is configured with non-default Wide IP and pool settings, undisclosed DNS responses can cause the Traffic Manage... Read more
Affected Products : big-ip_domain_name_system- EPSS Score: %0.89
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2021-23031
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configurat... Read more
- EPSS Score: %0.83
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-23030
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can ... Read more
- EPSS Score: %0.68
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-23029
On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration... Read more
- EPSS Score: %0.28
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-23028
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied... Read more
- EPSS Score: %0.61
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-23027
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in ... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +4 more products- EPSS Score: %0.64
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-23026
BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks thr... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +5 more products- EPSS Score: %0.30
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-23025
On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which hav... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +4 more products- EPSS Score: %1.12
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-23024
On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) ar... Read more
Affected Products : big-iq_centralized_management- EPSS Score: %4.89
- Published: Jun. 10, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-23023
On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not ... Read more
Affected Products : big-ip_access_policy_manager- EPSS Score: %0.09
- Published: Jun. 10, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-23022
On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are n... Read more
- EPSS Score: %0.14
- Published: Jun. 10, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-23021
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.... Read more
Affected Products : nginx_controller- EPSS Score: %0.18
- Published: Jun. 01, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-23020
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.... Read more
Affected Products : nginx_controller- EPSS Score: %0.19
- Published: Jun. 01, 2021
- Modified: Nov. 21, 2024