cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-37028,https://securityvulnerability.io/vulnerability/CVE-2024-37028,F5 BIG-IP Next Central Manager Vulnerability Allows for Unauthorized Account Lockouts,"BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Next Central Manager,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-08-14T14:32:33.153Z,0
CVE-2024-39809,https://securityvulnerability.io/vulnerability/CVE-2024-39809,User Session Refresh Token No Longer Expiring After Logout,"A vulnerability exists in F5 Networks' Central Manager where the user session refresh token does not expire upon user logout. This flaw can potentially allow unauthorized access to user sessions, leading to privacy breaches and data exposure risks. It is important for organizations to ensure that their systems are updated and that configurations are reviewed to mitigate this risk, especially in light of versions that have reached End of Technical Support (EoTS) not being evaluated for this vulnerability.",F5,Big-ip Next Central Manager,8.8,HIGH,0.000910000002477318,false,false,false,false,,false,false,2024-08-14T14:32:32.789Z,0
CVE-2024-41719,https://securityvulnerability.io/vulnerability/CVE-2024-41719,BIG-IP Next Logs Include F5 iHealth Credentials,"When generating a QKView of a BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Next Central Manager,5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-14T14:32:32.375Z,0
CVE-2024-41727,https://securityvulnerability.io/vulnerability/CVE-2024-41727,Memory Resource Utilization Increase in BIG-IP Tenants on Certain Hardware,"A vulnerability exists in F5 Networks' BIG-IP product impacting tenants operated on r2000 and r4000 series hardware, as well as the BIG-IP Virtual Edition using Intel E810 SR-IOV NIC. This issue can lead to increased memory resource utilization due to undisclosed traffic patterns. It is important for organizations using affected versions to review and address this resource management concern to maintain optimal operation and ensure system performance.",F5,Big-ip,7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-08-14T14:32:32.000Z,0
CVE-2024-41164,https://securityvulnerability.io/vulnerability/CVE-2024-41164,Traffic Termination Due to Unforeseen Circumstances in Virtual Servers,"A configuration fault exists in F5 Networks' Virtual Server when Multipath TCP (MPTCP) is enabled. Undisclosed traffic, along with specific conditions outside the attacker's control, can lead to an unexpected termination of the Traffic Management Microkernel (TMM). This vulnerability highlights the need for diligent monitoring and management of MPTCP settings to prevent potential disruptions and maintain service integrity.",F5,"Big-ip,Big-ip Next Cnf,Big-ip Next Spk",7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-08-14T14:32:31.623Z,0
CVE-2024-39778,https://securityvulnerability.io/vulnerability/CVE-2024-39778,Undisclosed Requests Can Cause TMM Termination in BIG-IP with High-Speed Bridge (HSB),"A significant vulnerability exists in the F5 BIG-IP system when a stateless virtual server is configured with a High-Speed Bridge (HSB). This issue allows certain undisclosed requests to inadvertently cause the Traffic Management Microkernel (TMM) to terminate. It is essential for users to examine their system configurations and ensure that they are not using versions that have reached End of Technical Support (EoTS) to mitigate potential security risks. Addressing this vulnerability is crucial for maintaining the integrity and availability of services running on the BIG-IP platform.",F5,Big-ip,7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-08-14T14:32:31.250Z,0
CVE-2024-41723,https://securityvulnerability.io/vulnerability/CVE-2024-41723,F5 BIG-IP iControl REST Vulnerability Leads to User Account Name Leak,"Undisclosed requests to BIG-IP iControl REST can lead to an information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-08-14T14:32:30.852Z,0
CVE-2024-32761,https://securityvulnerability.io/vulnerability/CVE-2024-32761,Potential Data Leak in BIG-IP TMMs on VELOS and rSeries Platforms,"Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-08T15:01:29.122Z,0
CVE-2024-26026,https://securityvulnerability.io/vulnerability/CVE-2024-26026,F5 Networks BIG-IP Next Central Manager API SQL Injection Vulnerability,"An SQL injection vulnerability has been identified in the F5 Networks BIG-IP Next Central Manager API which could allow an attacker to manipulate database queries through crafted input. This can lead to unauthorized data access or alteration, significantly compromising system integrity and privacy. It is essential to apply patches or updates to the affected products to mitigate potential exploitation risks. Software versions that have reached End of Technical Support (EoTS) are not considered in this evaluation, highlighting the importance of maintaining up-to-date software.",F5,Big-ip Next Central Manager,9.8,CRITICAL,0.000910000002477318,false,true,false,true,true,true,false,2024-05-08T15:01:28.771Z,8445
CVE-2024-21793,https://securityvulnerability.io/vulnerability/CVE-2024-21793,OData Injection Vulnerability in F5 Networks' BIG-IP Next Central Manager API,"An OData injection vulnerability has been identified in the BIG-IP Next Central Manager API, potentially allowing attackers to exploit the API through crafted OData requests. This vulnerability impacts the integrity and availability of the affected products, emphasizing the need for immediate awareness and remediation strategies. It is important to note that software versions which have reached End of Technical Support (EoTS) are not evaluated for this vulnerability. Users are advised to apply appropriate security patches to mitigate the risk associated with this vulnerability.",F5,Big-ip Next Central Manager,9.8,CRITICAL,0.000910000002477318,false,true,true,true,,false,false,2024-05-08T15:01:28.422Z,0
CVE-2024-33612,https://securityvulnerability.io/vulnerability/CVE-2024-33612,Improper Certificate Validation Vulnerability in BIG-IP Central Manager Could Allow Impersonation of Instance Provider Systems,"An improper certificate validation vulnerability exists in BIG-IP Next Central Manager, presenting a risk where attackers may successfully impersonate an Instance Provider system. This flaw can facilitate an intruder's ability to bypass security boundaries, potentially leading to unauthorized access and compromise of sensitive information. Specific software versions that have reached End of Technical Support (EoTS) are not subject to this evaluation.",F5,Big-ip Next Central Manager,8,HIGH,0.000910000002477318,false,false,false,false,,false,false,2024-05-08T15:01:28.082Z,0
CVE-2024-31156,https://securityvulnerability.io/vulnerability/CVE-2024-31156,Stored XSS vulnerability in BIG-IP Configuration utility,"The F5 BIG-IP Configuration utility possesses a stored cross-site scripting vulnerability that can be exploited via an undisclosed page. This vulnerability enables an attacker to inject and execute malicious JavaScript code within the context of a currently authenticated user, potentially compromising user data and application integrity. Notably, versions of the software that have reached End of Technical Support (EoTS) are not reviewed for this particular vulnerability.",F5,Big-ip,8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-08T15:01:27.734Z,0
CVE-2024-33604,https://securityvulnerability.io/vulnerability/CVE-2024-33604,Reflected Cross-Site Scripting (XSS) Vulnerability in BIG-IP Configuration Utility,"A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip,6.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-08T15:01:27.377Z,0
CVE-2024-28132,https://securityvulnerability.io/vulnerability/CVE-2024-28132,Sensitive Information Vulnerability in GSLB Container,"An Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Next Cnf,4.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-08T15:01:27.035Z,0
CVE-2024-28889,https://securityvulnerability.io/vulnerability/CVE-2024-28889,Termination of Traffic Management Microkernel (TMM) Due to Non-Default SSL Profile Configuration,"When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip,5.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-08T15:01:26.693Z,0
CVE-2024-32049,https://securityvulnerability.io/vulnerability/CVE-2024-32049,Unauthenticated Remote Attackers May Obtain BIG-IP Next LTM/WAF Instance Credentials,"The F5 BIG-IP Next Central Manager (CM) is impacted by a vulnerability that could enable unauthenticated, remote attackers to gain access to the credentials of F5 BIG-IP Next Local Traffic Manager (LTM) and Web Application Firewall (WAF) instances. This security issue presents a critical risk to the integrity and confidentiality of the affected systems, permitting adversaries to potentially exploit sensitive information without proper authorization. It is essential for organizations using F5 products to assess their exposure and implement necessary mitigations.",F5,Big-ip Next Central Manager,7.4,HIGH,0.000910000002477318,false,false,false,false,,false,false,2024-05-08T15:01:26.346Z,0
CVE-2024-27202,https://securityvulnerability.io/vulnerability/CVE-2024-27202,Undisclosed BIG-IP Configuration Utility Vulnerability Allows Cross-Site Scripting Attacks,"A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip,4.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-08T15:01:26.004Z,0
CVE-2024-25560,https://securityvulnerability.io/vulnerability/CVE-2024-25560,Undisclosed DNS Traffic Can Cause BIG-IP AFM TMM Termination,"A vulnerability in the BIG-IP Advanced Firewall Manager (AFM) from F5 Networks has been identified, which allows undetected DNS traffic to disrupt the operation of the Traffic Management Microkernel (TMM). When BIG-IP AFM is licensed and provisioned, such traffic can lead to unexpected termination of the TMM, potentially impacting the security and availability of network services. Users are advised to review their configurations and apply any available updates to mitigate this issue.",F5,"Big-ip,Big-ip Next Cnf",7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-08T15:01:25.651Z,0
CVE-2024-33608,https://securityvulnerability.io/vulnerability/CVE-2024-33608,IPsec Configuration Can Cause Termination of Traffic Management Microkernel,"An issue has been identified in F5 Networks' virtual server configuration, specifically related to the IPsec implementation. When IPsec is enabled, certain undisclosed traffic patterns can provoke an unexpected termination of the Traffic Management Microkernel (TMM), which may lead to service outages and disruptions. Users of affected F5 BIG-IP versions are advised to review their configurations to mitigate the impacts of this vulnerability. As always, keeping systems updated and monitoring vendor advisories are recommended best practices.",F5,Big-ip,7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-08T15:01:25.289Z,0
CVE-2024-28883,https://securityvulnerability.io/vulnerability/CVE-2024-28883,F5 BIG-IP APM Vulnerability Allows Attackers to Bypass Endpoint Inspection,"A vulnerability in the F5 BIG-IP APM browser network access VPN client affects systems running on Windows, macOS, and Linux. This origin validation flaw may enable attackers to circumvent the endpoint inspection mechanisms, presenting a risk to the integrity of network security protocols. Implementing the appropriate software updates and measures is crucial for protecting affected systems, especially as software versions that have reached End of Technical Support are not evaluated for this vulnerability.",F5,"Big-ip Edge Client,Big-ip",7.4,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-08T15:01:24.931Z,0
CVE-2024-23982,https://securityvulnerability.io/vulnerability/CVE-2024-23982,BIG-IP PEM Classification Profile Vulnerability,"A vulnerability in F5 BIG-IP systems occurs when a PEM classification profile is active on a UDP virtual server. In this scenario, specific undisclosed requests can lead to the termination of the Traffic Management Microkernel (TMM). This issue particularly impacts classification engines that utilize signatures released between September 8, 2022, and February 16, 2023. Users should refer to the F5 Security Advisory for detailed information regarding the affected classification signature files and ensure they are not using software versions that have reached End of Technical Support (EoTS).",F5,Big-ip,7.5,HIGH,0.0005499999970197678,false,false,false,false,,false,false,2024-02-14T16:35:08.991Z,0
CVE-2024-21763,https://securityvulnerability.io/vulnerability/CVE-2024-21763,BIG-IP AFM Device Vulnerable to Termination Due to Undisclosed Queries,"A vulnerability in the BIG-IP AFM Device occurs when the DoS profile is configured with an NXDOMAIN attack vector and bad actor detection is enabled. This configuration can lead to improper handling of undisclosed DNS queries, potentially causing the Traffic Management Microkernel (TMM) to terminate unexpectedly. Organizations using affected versions should review their configurations to mitigate risks associated with this issue.",F5,BIG-IP,7.5,HIGH,0.0005499999970197678,false,false,false,false,,false,false,2024-02-14T16:30:25.714Z,0
CVE-2024-23805,https://securityvulnerability.io/vulnerability/CVE-2024-23805,Undisclosed Requests Can Cause TMM Termination for HTTP Analytics and Advanced WAF/ASM,"The vulnerability involves the Traffic Management Microkernel (TMM) being susceptible to termination due to certain undisclosed requests. This issue arises particularly when the Application Visibility and Reporting module is used, especially with HTTP Analytics profiles that include URLs on virtual servers combined with enabled database variables such as avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI. The BIG-IP Advanced WAF and ASM are also affected under similar circumstances when specific DoS or Bot Defense profiles are configured. It is important to note that by default, the database variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are disabled, thereby requiring careful configuration to mitigate the risk.",F5,Big-ip,7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-02-14T16:30:25.339Z,0
CVE-2024-21789,https://securityvulnerability.io/vulnerability/CVE-2024-21789,Undisclosed Requests Can Cause Memory Resource Utilization Increase in BIG-IP ASM/Advanced WAF,"A notable issue exists within the BIG-IP ASM and Advanced WAF products from F5, where specific configurations of a security policy on a virtual server can lead to unforeseen increases in memory resource utilization. This behavior may result in performance degradation and could affect the operational integrity of the associated services. It is crucial for users to monitor their systems and apply any recommended updates or workarounds provided by F5 to mitigate potential impacts.",F5,BIG-IP,7.5,HIGH,0.0005499999970197678,false,false,false,false,,false,false,2024-02-14T16:30:24.980Z,0
CVE-2024-23308,https://securityvulnerability.io/vulnerability/CVE-2024-23308,Undisclosed Requests Can Cause BD Process Termination in BIG-IP Advanced WAF and ASM,"A vulnerability exists in the F5 BIG-IP Advanced WAF and BIG-IP ASM that can lead to unexpected termination of the BD process when specific configurations are applied. This issue arises when a policy containing the Request Body Handling option is enabled for a virtual server. The profile must include 'Apply value and content signatures and detect threat campaigns' for an Allowed URL. Users utilizing software versions that have reached their End of Technical Support are not subject to this evaluation, emphasizing the need for timely updates and oversight in security practices. Admin attention is essential to mitigate these risks effectively.",F5,BIG-IP,7.5,HIGH,0.0005499999970197678,false,false,false,false,,false,false,2024-02-14T16:30:24.610Z,0