cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-35245,https://securityvulnerability.io/vulnerability/CVE-2022-35245,BIG-IP APM access policy vulnerability CVE-2022-35245,"In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Apm,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-08-04T18:15:00.000Z,0
CVE-2022-31473,https://securityvulnerability.io/vulnerability/CVE-2022-31473,BIG-IP APM Appliance mode vulnerability CVE-2022-31473,"In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Apm,6.8,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2022-08-04T18:15:00.000Z,0
CVE-2022-33203,https://securityvulnerability.io/vulnerability/CVE-2022-33203,BIG-IP APM and F5 SSL Orchestrator vulnerability CVE-2022-33203,"In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Apm,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-08-03T00:00:00.000Z,0
CVE-2022-27806,https://securityvulnerability.io/vulnerability/CVE-2022-27806,Command Injection Vulnerability in F5 BIG-IP Products by F5 Networks,"An authenticated attacker with the Administrator role can exploit command injection vulnerabilities in undisclosed URIs within F5 BIG-IP Guided Configuration. This exploitation allows for the bypassing of Appliance mode restrictions in affected versions of F5 BIG-IP Advanced WAF and ASM, potentially compromising the security of the system.",F5,"Big-ip (advanced Waf, Apm, Asm),Big-ip Guided Configuration (gc)",8.7,HIGH,0.0012700000079348683,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-27181,https://securityvulnerability.io/vulnerability/CVE-2022-27181,Resource Consumption Vulnerability in F5 BIG-IP APM by F5 Networks,"A resource consumption vulnerability exists in F5 BIG-IP APM when configured on a virtual server with an associated access profile using APM AAA NTLM Auth. Certain undisclosed requests can lead to increased internal resource utilization, potentially affecting the performance of the affected systems.",F5,Big-ip Apm,5.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-25946,https://securityvulnerability.io/vulnerability/CVE-2022-25946,Integrity Check Bypass in F5 BIG-IP Products,"In certain versions of F5 BIG-IP Advanced WAF, ASM, and Guided Configuration, an authenticated attacker with Administrator privileges may exploit a missing integrity check in Appliance mode to bypass critical restrictions. This vulnerability presents a significant concern for organizations relying on these F5 products for secure web application functionality.",F5,"Big-ip (advanced Waf, Apm, Asm),Big-ip Guided Configuration (gc)",8.7,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-27230,https://securityvulnerability.io/vulnerability/CVE-2022-27230,Reflected Cross-Site Scripting Vulnerability in F5 BIG-IP APM and Guided Configuration,"A reflected cross-site scripting (XSS) vulnerability exists in F5 BIG-IP APM and Guided Configuration. This flaw allows attackers to execute malicious JavaScript in the browser of a logged-in user, potentially compromising sensitive information or session data. The vulnerability affects numerous versions of F5 BIG-IP APM from 16.1.x down to 11.6.x and all prior versions of F5 BIG-IP Guided Configuration before 9.0. Users are advised to apply necessary security patches and follow best practices to mitigate the risk.",F5,"Big-ip Apm,Big-ip Guided Configuration (gc)",7.5,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-29491,https://securityvulnerability.io/vulnerability/CVE-2022-29491,Denial of Service Vulnerability in F5 BIG-IP Components,"The vulnerability exists in F5 BIG-IP components configured with HTTP or TCP on one side and DTLS on the other, where certain undisclosed requests can lead to unexpected TMM process termination. This situation may result in service disruptions, affecting the overall availability of services running on affected F5 BIG-IP installations. Versions 16.1.x, 15.1.x, 14.1.x, and legacy versions are impacted, necessitating prompt attention to mitigate potential risks.",F5,"Big-ip Ltm, Advanced Waf, Asm, And Apm",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-27634,https://securityvulnerability.io/vulnerability/CVE-2022-27634,Privilege Escalation in F5 BIG-IP APM Product,"The BIG-IP APM by F5 Networks contains a vulnerability where specific versions fail to properly validate configurations. This oversight enables an authenticated attacker with high privileges to manipulate the APM policy, potentially leading to privilege escalation or remote code execution. Users of affected versions should prioritize applying updates to mitigate the risk of exploitation.",F5,Big-ip Apm,6.5,MEDIUM,0.004459999967366457,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-29263,https://securityvulnerability.io/vulnerability/CVE-2022-29263,Improper File Handling in F5 BIG-IP Access Management Products,"The vulnerability in F5 BIG-IP APM arises from the Edge Client Component Installer Service's failure to apply best practices when managing temporary files. This flaw can potentially allow unauthorized access or manipulation of sensitive data, compromising the integrity of the system. Users are advised to review their configurations and apply necessary patches to ensure their systems remain secure.",F5,"Big-ip Apm,Big-ip Apm Clients",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-28714,https://securityvulnerability.io/vulnerability/CVE-2022-28714,DLL Hijacking Vulnerability in F5 BIG-IP APM Products,"A DLL hijacking vulnerability was discovered in the F5 BIG-IP APM Windows Installer affecting multiple versions of the BIG-IP APM products and clients. This vulnerability enables potential attackers to exploit the installer, leading to unauthorized code execution. Users of affected products are advised to update to the latest versions to mitigate the risks associated with this vulnerability.",F5,"Big-ip Apm,Big-ip Apm Clients",7.3,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-27636,https://securityvulnerability.io/vulnerability/CVE-2022-27636,Session Information Exposure Vulnerability in F5 BIG-IP APM,"An issue in F5 BIG-IP APM allows for the logging of sensitive session-related information when the VPN is initiated on a Windows system. This vulnerability affects various versions of the BIG-IP APM, where exposed logs could potentially be accessed by unauthorized individuals, leading to possible exploitation of internal user data. It is crucial for organizations using these affected versions to evaluate their systems and take necessary precautions to mitigate this risk.",F5,"Big-ip Apm,Big-ip Apm Clients",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-26890,https://securityvulnerability.io/vulnerability/CVE-2022-26890,Session Awareness Vulnerability in F5 BIG-IP Web Application Security,"A vulnerability exists in F5 BIG-IP versions of Advanced WAF, ASM, and APM that can lead to the termination of the bd process. This occurs when these components are configured on a virtual server, and the ASM policy has Session Awareness enabled with the 'Use APM Username and Session ID' option. Undisclosed requests can exploit this configuration, potentially leading to service disruptions. It’s critical to monitor and address affected versions to maintain security and system stability.",F5,"Big-ip Advanced Waf, Asm, And Apm",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-23014,https://securityvulnerability.io/vulnerability/CVE-2022-23014,Traffic Management Microkernel Termination in BIG-IP APM Portal Access,"In specific versions of F5’s BIG-IP APM, configurations on virtual servers can be exploited through discontinuous requests, causing the Traffic Management Microkernel (TMM) to crash. This can lead to potential service downtime and impact on network operations, particularly for those running on versions 15.1.x prior to 15.1.4.1 and 16.1.x prior to 16.1.2. It is crucial for users to evaluate their systems to ensure they are not operating under vulnerable configurations.",F5,Big-ip Apm,6.5,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2022-01-25T19:11:21.000Z,0
CVE-2021-23054,https://securityvulnerability.io/vulnerability/CVE-2021-23054,Reflected Cross-Site Scripting Vulnerability in F5 BIG-IP APM,"A reflected cross-site scripting vulnerability has been identified in the resource information page of authenticated users on the F5 BIG-IP APM system. This vulnerability occurs when the system is set up with a full webtop configuration. Affected versions include various iterations from 11.6.x through 16.x. Attackers could exploit this vulnerability to launch XSS attacks, potentially allowing them to execute malicious scripts in the context of the user’s browser, compromising sensitive information.",F5,Big-ip Apm,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2021-09-27T10:40:38.000Z,0
CVE-2021-23047,https://securityvulnerability.io/vulnerability/CVE-2021-23047,Memory Consumption Issue in F5 BIG-IP APM Due to OCSP Verification,"In certain versions of F5 BIG-IP APM—specifically, versions 16.x prior to 16.1.0, 15.1.x before 15.1.3.1, and various other legacy releases—an issue arises during the Online Certificate Status Protocol (OCSP) verification process. If a certificate includes Authority Information Access (AIA), certain undisclosed requests can lead to a significant increase in memory usage. It is crucial to note that software versions which have reached End of Technical Support (EoTS) are not included in the evaluation.",F5,Big-ip Apm,5.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2021-09-14T13:26:50.000Z,0
CVE-2021-23052,https://securityvulnerability.io/vulnerability/CVE-2021-23052,Open Redirect Vulnerability in BIG-IP APM by F5 Networks,"An open redirect vulnerability exists in F5 Networks' BIG-IP APM access policy, specifically on virtual servers running versions prior to 14.1.4.4 and throughout the 13.1.x line. This flaw allows an unauthenticated attacker to craft a redirect URI, potentially leading users to harmful sites. System administrators should ensure they are on the latest version and review the configurations of their access policies to prevent exploitation of this vulnerability.",F5,Big-ip Apm,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2021-09-14T12:18:25.000Z,0
CVE-2021-23016,https://securityvulnerability.io/vulnerability/CVE-2021-23016,Access Control Vulnerability in BIG-IP APM by F5 Networks,"An access control vulnerability exists in F5's BIG-IP APM which allows an attacker to bypass internal restrictions and access static content hosted within the APM. By crafting specific requests directed at an APM Virtual Server, malicious actors could potentially exploit this flaw, leading to unauthorized information disclosure. Users of affected versions should prioritize applying available security updates to mitigate risks.",F5,Big-ip Apm,5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2021-05-10T14:44:38.000Z,0
CVE-2021-23008,https://securityvulnerability.io/vulnerability/CVE-2021-23008,Kerberos Authentication Bypass in BIG-IP APM Active Directory by F5 Networks,"A vulnerability exists in F5 Networks' BIG-IP APM where Active Directory authentication can be compromised due to a spoofed AS-REP response. This issue affects versions 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, along with all versions of 16.0.x and 11.6.x. An attacker could exploit this flaw by using a hijacked Key Distribution Center (KDC) connection or a compromised Active Directory server, potentially bypassing authentication mechanisms designed to protect sensitive data and access control.",F5,Big-ip Apm,9.8,CRITICAL,0.00430000014603138,false,,false,false,false,,,false,false,,2021-05-10T13:13:35.000Z,0
CVE-2021-23002,https://securityvulnerability.io/vulnerability/CVE-2021-23002,Session ID Exposure in BIG-IP APM and Edge Client by F5 Networks,"The F5 BIG-IP APM and Edge Client expose session IDs in the command arguments when launching the VPN from a web browser on Windows systems. This vulnerability affects several versions of both the BIG-IP APM and Edge Client, necessitating coordinated updates for both client and server to mitigate the risks associated with potential interception of session identifiers.",F5,Big-ip Apm And Edge Client,4.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-03-31T17:32:20.000Z,0
CVE-2021-22985,https://securityvulnerability.io/vulnerability/CVE-2021-22985,Denial of Service Vulnerability in BIG-IP APM by F5 Networks,"The BIG-IP APM by F5 Networks is susceptible to a Denial of Service (DoS) condition. In versions prior to 16.0.1.1 of BIG-IP APM, under specific circumstances while managing VPN traffic, the Traffic Management Microkernel (TMM) may experience excessive memory consumption. This issue allows an authenticated malicious VPN user to exploit the vulnerability, potentially leading to a DoS attack on the Application Policy Manager (APM). It's important to note that software versions that have reached End of Software Development (EoSD) are not subject to this evaluation.",F5,Big-ip Apm,7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-02-12T17:48:22.000Z,0
CVE-2020-27729,https://securityvulnerability.io/vulnerability/CVE-2020-27729,Open Redirect Vulnerability in F5 BIG-IP APM by F5 Networks,"Certain versions of F5 BIG-IP APM expose an open redirect vulnerability through an undisclosed link on the virtual server. This flaw allows a malicious actor to manipulate and construct a redirect URI that could lead users to unauthorized destinations, thereby risking sensitive information and system integrity. It is crucial to patch these affected versions to mitigate potential exploits.",F5,Big-ip Apm,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-12-24T15:17:55.000Z,0
CVE-2020-27722,https://securityvulnerability.io/vulnerability/CVE-2020-27722,Excessive Resource Consumption in BIG-IP APM due to VDI Plugin Issue,"A vulnerability in the VDI plugin of F5 Networks' BIG-IP APM allows for excessive resource consumption under specific conditions. This affects multiple versions of the product, compromising system performance and potentially leading to service disruptions.",F5,Big-ip Apm,6.5,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2020-12-24T15:13:24.000Z,0
CVE-2020-27723,https://securityvulnerability.io/vulnerability/CVE-2020-27723,Traffic Management Microkernel Issue in F5 BIG-IP APM,"In specific versions of F5's BIG-IP APM, a processing flaw in the management of PingAccess requests could inadvertently trigger a restart of the Traffic Management Microkernel (TMM). This may result in service disruptions and affect the overall performance of applications utilizing the BIG-IP network platform. It is advisable for users of the affected versions to implement necessary updates and patches to safeguard their systems against potential disruptions.",F5,Big-ip Apm,7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-12-24T15:09:19.000Z,0
CVE-2020-27716,https://securityvulnerability.io/vulnerability/CVE-2020-27716,Traffic Management Microkernel Impact in F5 BIG-IP APM by F5 Networks,"A vulnerability exists in specific versions of F5 BIG-IP APM, where the Traffic Management Microkernel (TMM) experiences unresponsiveness and subsequent restarts when processing certain traffic types. This can potentially disrupt services and affect application availability, highlighting the importance of monitoring and updating system configurations to mitigate such issues.",F5,Big-ip Apm,7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-12-24T15:06:46.000Z,0