cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-41691,https://securityvulnerability.io/vulnerability/CVE-2022-41691,BIG-IP Advanced WAF/ASM bd vulnerability CVE-2022-41691,"When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.",F5,Big-ip Advanced Waf & Asm,7.5,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2022-10-19T00:00:00.000Z,0
CVE-2022-41836,https://securityvulnerability.io/vulnerability/CVE-2022-41836,BIG-IP Advanced WAF and ASM bd vulnerability CVE-2022-41836,"When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.",F5,Big-ip Advanced Waf & Asm,7.5,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2022-10-19T00:00:00.000Z,0
CVE-2022-41617,https://securityvulnerability.io/vulnerability/CVE-2022-41617,BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617,"In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.",F5,Big-ip Advanced Waf & Asm,7.2,HIGH,0.0030300000216811895,false,false,false,false,,false,false,2022-10-19T00:00:00.000Z,0
CVE-2022-25946,https://securityvulnerability.io/vulnerability/CVE-2022-25946,,"On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"Big-ip (advanced Waf, Apm, Asm),Big-ip Guided Configuration (gc)",8.7,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2022-27806,https://securityvulnerability.io/vulnerability/CVE-2022-27806,,"On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"Big-ip (advanced Waf, Apm, Asm),Big-ip Guided Configuration (gc)",8.7,HIGH,0.0012499999720603228,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2022-26890,https://securityvulnerability.io/vulnerability/CVE-2022-26890,,"On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Session Awareness, and the ""Use APM Username and Session ID"" option is enabled, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"Big-ip Advanced Waf, Asm, And Apm",7.5,HIGH,0.0010300000431016088,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2022-29491,https://securityvulnerability.io/vulnerability/CVE-2022-29491,,"On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"Big-ip Ltm, Advanced Waf, Asm, And Apm",7.5,HIGH,0.0010300000431016088,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2022-23031,https://securityvulnerability.io/vulnerability/CVE-2022-23031,,"On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4, an XML External Entity (XXE) vulnerability exists in an undisclosed page of the F5 Advanced Web Application Firewall (Advanced WAF) and BIG-IP ASM Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that allows an authenticated high-privileged attacker to read local files and force BIG-IP to send HTTP requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip Fps, Asm, And Advanced Waf",4.9,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2022-01-25T19:11:33.000Z,0
CVE-2022-23026,https://securityvulnerability.io/vulnerability/CVE-2022-23026,,"On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Asm & Advanced Waf,4.3,MEDIUM,0.0007200000109151006,false,false,false,false,,false,false,2022-01-25T19:11:26.000Z,0
CVE-2021-23029,https://securityvulnerability.io/vulnerability/CVE-2021-23029,,"On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Advanced Waf And Big-ip Asm,8.8,HIGH,0.001019999966956675,false,false,false,false,,false,false,2021-09-14T23:15:00.000Z,0
CVE-2021-23028,https://securityvulnerability.io/vulnerability/CVE-2021-23028,,"On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Advanced Waf And Big-ip Asm,7.5,HIGH,0.0010300000431016088,false,false,false,false,,false,false,2021-09-14T20:53:54.000Z,0
CVE-2021-23030,https://securityvulnerability.io/vulnerability/CVE-2021-23030,,"On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Advanced Waf And Big-ip Asm,7.5,HIGH,0.0010300000431016088,false,false,false,false,,false,false,2021-09-14T20:43:01.000Z,0
CVE-2021-23031,https://securityvulnerability.io/vulnerability/CVE-2021-23031,,"On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Advanced Waf And Big-ip Asm,9.9,CRITICAL,0.002259999979287386,false,false,false,false,,false,false,2021-09-14T18:07:06.000Z,0
CVE-2021-23036,https://securityvulnerability.io/vulnerability/CVE-2021-23036,,"On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Advanced Waf And Big-ip Asm,7.5,HIGH,0.0010300000431016088,false,false,false,false,,false,false,2021-09-14T18:02:18.000Z,0
CVE-2021-23033,https://securityvulnerability.io/vulnerability/CVE-2021-23033,,"On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Advanced Waf And Big-ip Asm,7.5,HIGH,0.0010300000431016088,false,false,false,false,,false,false,2021-09-14T17:15:34.000Z,0
CVE-2021-23050,https://securityvulnerability.io/vulnerability/CVE-2021-23050,,"On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Advanced Waf And Big-ip Asm; Nginx App Protect,7.5,HIGH,0.0006099999882280827,false,false,false,false,,false,false,2021-09-14T12:31:38.000Z,0
CVE-2021-23053,https://securityvulnerability.io/vulnerability/CVE-2021-23053,,"On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Advanced Waf And Big-ip Asm,5.3,MEDIUM,0.0009200000204145908,false,false,false,false,,false,false,2021-09-14T12:28:35.000Z,0
CVE-2021-22993,https://securityvulnerability.io/vulnerability/CVE-2021-22993,,"On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,Big-ip Advanced Waf And Big-ip Asm,8.8,HIGH,0.0019499999471008778,false,false,false,false,,false,false,2021-03-31T17:45:51.000Z,0
CVE-2021-23001,https://securityvulnerability.io/vulnerability/CVE-2021-23001,,"On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,Big-ip Advanced Waf And Big-ip Asm,4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-03-31T17:38:53.000Z,0
CVE-2021-22989,https://securityvulnerability.io/vulnerability/CVE-2021-22989,,"On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,Big-ip Advanced Waf Or Big-ip Asm In Appliance Mode,9.1,CRITICAL,0.0015899999998509884,false,false,false,false,,false,false,2021-03-31T16:48:26.000Z,0
CVE-2021-22992,https://securityvulnerability.io/vulnerability/CVE-2021-22992,,"On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution (RCE), leading to complete system compromise. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,Big-ip Advanced Waf And Big-ip Asm,9.8,CRITICAL,0.39441001415252686,false,false,false,false,,false,false,2021-03-31T16:47:05.000Z,0
CVE-2021-22990,https://securityvulnerability.io/vulnerability/CVE-2021-22990,,"On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,Big-ip Advanced Waf Or Big-ip Asm,7.2,HIGH,0.0015899999998509884,false,false,false,false,,false,false,2021-03-31T16:44:38.000Z,0
CVE-2021-22984,https://securityvulnerability.io/vulnerability/CVE-2021-22984,,"On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense (versions prior to 14.1.0), or a Bot Defense profile (versions 14.1.0 and later), may subject clients and web servers to Open Redirection attacks. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,Big-ip Advanced Waf & Big-ip Asm,6.1,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2021-02-12T19:21:56.000Z,0
CVE-2021-22976,https://securityvulnerability.io/vulnerability/CVE-2021-22976,,"On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,Big-ip Advanced Waf & Big-ip Asm,7.5,HIGH,0.0010300000431016088,false,false,false,false,,false,false,2021-02-12T17:43:49.000Z,0
CVE-2020-27728,https://securityvulnerability.io/vulnerability/CVE-2020-27728,,"On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices.",F5,Big-ip Asm & Advanced Waf,7.5,HIGH,0.0010300000431016088,false,false,false,false,,false,false,2020-12-24T15:33:32.000Z,0