cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-35245,https://securityvulnerability.io/vulnerability/CVE-2022-35245,BIG-IP APM access policy vulnerability CVE-2022-35245,"In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Apm,7.5,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2022-08-04T18:15:00.000Z,0
CVE-2022-31473,https://securityvulnerability.io/vulnerability/CVE-2022-31473,BIG-IP APM Appliance mode vulnerability CVE-2022-31473,"In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Apm,6.8,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2022-08-04T18:15:00.000Z,0
CVE-2022-33203,https://securityvulnerability.io/vulnerability/CVE-2022-33203,BIG-IP APM and F5 SSL Orchestrator vulnerability CVE-2022-33203,"In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Apm,7.5,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2022-08-03T00:00:00.000Z,0
CVE-2022-25946,https://securityvulnerability.io/vulnerability/CVE-2022-25946,,"On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"Big-ip (advanced Waf, Apm, Asm),Big-ip Guided Configuration (gc)",8.7,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2022-27806,https://securityvulnerability.io/vulnerability/CVE-2022-27806,,"On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"Big-ip (advanced Waf, Apm, Asm),Big-ip Guided Configuration (gc)",8.7,HIGH,0.0012499999720603228,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2022-28714,https://securityvulnerability.io/vulnerability/CVE-2022-28714,,"On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"Big-ip Apm,Big-ip Apm Clients",7.3,HIGH,0.0006300000241026282,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2022-27230,https://securityvulnerability.io/vulnerability/CVE-2022-27230,,"On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"Big-ip Apm,Big-ip Guided Configuration (gc)",7.5,HIGH,0.0007800000021234155,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2022-29263,https://securityvulnerability.io/vulnerability/CVE-2022-29263,,"On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, the BIG-IP Edge Client Component Installer Service does not use best practice while saving temporary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"Big-ip Apm,Big-ip Apm Clients",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2022-27181,https://securityvulnerability.io/vulnerability/CVE-2022-27181,,"On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when APM is configured on a virtual server and the associated access profile is configured with APM AAA NTLM Auth, undisclosed requests can cause an increase in internal resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,Big-ip Apm,5.3,MEDIUM,0.0009200000204145908,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2022-27636,https://securityvulnerability.io/vulnerability/CVE-2022-27636,,"On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"Big-ip Apm,Big-ip Apm Clients",5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2022-29491,https://securityvulnerability.io/vulnerability/CVE-2022-29491,,"On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"Big-ip Ltm, Advanced Waf, Asm, And Apm",7.5,HIGH,0.0010300000431016088,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2022-26890,https://securityvulnerability.io/vulnerability/CVE-2022-26890,,"On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Session Awareness, and the ""Use APM Username and Session ID"" option is enabled, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"Big-ip Advanced Waf, Asm, And Apm",7.5,HIGH,0.0010300000431016088,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2022-27634,https://securityvulnerability.io/vulnerability/CVE-2022-27634,,"On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,Big-ip Apm,6.5,MEDIUM,0.004459999967366457,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2022-23014,https://securityvulnerability.io/vulnerability/CVE-2022-23014,,"On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP APM portal access is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Apm,6.5,MEDIUM,0.001069999998435378,false,false,false,false,,false,false,2022-01-25T19:11:21.000Z,0
CVE-2021-23054,https://securityvulnerability.io/vulnerability/CVE-2021-23054,,"On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Apm,6.1,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2021-09-27T10:40:38.000Z,0
CVE-2021-23047,https://securityvulnerability.io/vulnerability/CVE-2021-23047,,"On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Apm,5.3,MEDIUM,0.0009200000204145908,false,false,false,false,,false,false,2021-09-14T13:26:50.000Z,0
CVE-2021-23052,https://securityvulnerability.io/vulnerability/CVE-2021-23052,,"On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Apm,6.1,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2021-09-14T12:18:25.000Z,0
CVE-2021-23016,https://securityvulnerability.io/vulnerability/CVE-2021-23016,,"On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests to an APM Virtual Server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Apm,5.3,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2021-05-10T14:44:38.000Z,0
CVE-2021-23008,https://securityvulnerability.io/vulnerability/CVE-2021-23008,,"On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x., BIG-IP APM AD (Active Directory) authentication can be bypassed via a spoofed AS-REP (Kerberos Authentication Service Response) response sent over a hijacked KDC (Kerberos Key Distribution Center) connection or from an AD server compromised by an attacker. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Apm,9.8,CRITICAL,0.00430000014603138,false,false,false,false,,false,false,2021-05-10T13:13:35.000Z,0
CVE-2021-23002,https://securityvulnerability.io/vulnerability/CVE-2021-23002,,"When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system. Addressing this issue requires both the client and server fixes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,Big-ip Apm And Edge Client,4.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2021-03-31T17:32:20.000Z,0
CVE-2021-22985,https://securityvulnerability.io/vulnerability/CVE-2021-22985,,"On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions, when processing VPN traffic with APM, TMM consumes excessive memory. A malicious, authenticated VPN user may abuse this to perform a DoS attack against the APM. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,Big-ip Apm,7.5,HIGH,0.0010300000431016088,false,false,false,false,,false,false,2021-02-12T17:48:22.000Z,0
CVE-2020-27729,https://securityvulnerability.io/vulnerability/CVE-2020-27729,,"In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI.",F5,Big-ip Apm,6.1,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2020-12-24T15:17:55.000Z,0
CVE-2020-27722,https://securityvulnerability.io/vulnerability/CVE-2020-27722,,"In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain conditions, the VDI plugin does not observe plugin flow-control protocol causing excessive resource consumption.",F5,Big-ip Apm,6.5,MEDIUM,0.0008099999977275729,false,false,false,false,,false,false,2020-12-24T15:13:24.000Z,0
CVE-2020-27723,https://securityvulnerability.io/vulnerability/CVE-2020-27723,,"In versions 14.1.0-14.1.3 and 13.1.0-13.1.3.4, a BIG-IP APM virtual server processing PingAccess requests may lead to a restart of the Traffic Management Microkernel (TMM) process.",F5,Big-ip Apm,7.5,HIGH,0.0010300000431016088,false,false,false,false,,false,false,2020-12-24T15:09:19.000Z,0
CVE-2020-27716,https://securityvulnerability.io/vulnerability/CVE-2020-27716,,"On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when a BIG-IP APM virtual server processes traffic of an undisclosed nature, the Traffic Management Microkernel (TMM) stops responding and restarts.",F5,Big-ip Apm,7.5,HIGH,0.0010300000431016088,false,false,false,false,,false,false,2020-12-24T15:06:46.000Z,0