cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-41691,https://securityvulnerability.io/vulnerability/CVE-2022-41691,BIG-IP Advanced WAF/ASM bd vulnerability CVE-2022-41691,"When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.",F5,Big-ip Advanced Waf & Asm,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-41617,https://securityvulnerability.io/vulnerability/CVE-2022-41617,BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617,"In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.",F5,Big-ip Advanced Waf & Asm,7.2,HIGH,0.0030300000216811895,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-41836,https://securityvulnerability.io/vulnerability/CVE-2022-41836,BIG-IP Advanced WAF and ASM bd vulnerability CVE-2022-41836,"When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.",F5,Big-ip Advanced Waf & Asm,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-29491,https://securityvulnerability.io/vulnerability/CVE-2022-29491,Denial of Service Vulnerability in F5 BIG-IP Components,"The vulnerability exists in F5 BIG-IP components configured with HTTP or TCP on one side and DTLS on the other, where certain undisclosed requests can lead to unexpected TMM process termination. This situation may result in service disruptions, affecting the overall availability of services running on affected F5 BIG-IP installations. Versions 16.1.x, 15.1.x, 14.1.x, and legacy versions are impacted, necessitating prompt attention to mitigate potential risks.",F5,"Big-ip Ltm, Advanced Waf, Asm, And Apm",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-25946,https://securityvulnerability.io/vulnerability/CVE-2022-25946,Integrity Check Bypass in F5 BIG-IP Products,"In certain versions of F5 BIG-IP Advanced WAF, ASM, and Guided Configuration, an authenticated attacker with Administrator privileges may exploit a missing integrity check in Appliance mode to bypass critical restrictions. This vulnerability presents a significant concern for organizations relying on these F5 products for secure web application functionality.",F5,"Big-ip (advanced Waf, Apm, Asm),Big-ip Guided Configuration (gc)",8.7,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-27806,https://securityvulnerability.io/vulnerability/CVE-2022-27806,Command Injection Vulnerability in F5 BIG-IP Products by F5 Networks,"An authenticated attacker with the Administrator role can exploit command injection vulnerabilities in undisclosed URIs within F5 BIG-IP Guided Configuration. This exploitation allows for the bypassing of Appliance mode restrictions in affected versions of F5 BIG-IP Advanced WAF and ASM, potentially compromising the security of the system.",F5,"Big-ip (advanced Waf, Apm, Asm),Big-ip Guided Configuration (gc)",8.7,HIGH,0.0012700000079348683,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-26890,https://securityvulnerability.io/vulnerability/CVE-2022-26890,Session Awareness Vulnerability in F5 BIG-IP Web Application Security,"A vulnerability exists in F5 BIG-IP versions of Advanced WAF, ASM, and APM that can lead to the termination of the bd process. This occurs when these components are configured on a virtual server, and the ASM policy has Session Awareness enabled with the 'Use APM Username and Session ID' option. Undisclosed requests can exploit this configuration, potentially leading to service disruptions. It’s critical to monitor and address affected versions to maintain security and system stability.",F5,"Big-ip Advanced Waf, Asm, And Apm",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-23031,https://securityvulnerability.io/vulnerability/CVE-2022-23031,XML External Entity Vulnerability in F5 Advanced Web Application Firewall,An XML External Entity (XXE) vulnerability exists in F5's Advanced Web Application Firewall and the Traffic Management User Interface. It affects several versions of BIG-IP and enables an authenticated attacker with high privileges to access local files and manipulate BIG-IP to send unauthorized HTTP requests. This potential exposure could lead to data exfiltration and unauthorized actions within the network.,F5,"Big-ip Fps, Asm, And Advanced Waf",4.9,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2022-01-25T19:11:33.000Z,0
CVE-2022-23026,https://securityvulnerability.io/vulnerability/CVE-2022-23026,Data Upload Vulnerability in BIG-IP ASM and Advanced WAF by F5 Networks,"An authenticated user with minimal privileges can exploit a vulnerability in specific versions of F5 Networks' BIG-IP ASM and Advanced WAF to upload data via an undisclosed REST endpoint. This leads to increased disk resource utilization, potentially impacting system performance. Notably, the issue affects multiple versions, underscoring the importance of updating to supported releases. Please note that versions which have reached End of Technical Support (EoTS) are not evaluated for this vulnerability.",F5,Big-ip Asm & Advanced Waf,4.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2022-01-25T19:11:26.000Z,0
CVE-2021-23029,https://securityvulnerability.io/vulnerability/CVE-2021-23029,Server-Side Request Forgery Vulnerability in F5 Advanced Web Application Firewall,"The F5 Advanced Web Application Firewall contains a vulnerability that allows authenticated users with guest privileges to exploit insufficient permission checks, enabling them to perform Server-Side Request Forgery (SSRF) attacks via the BIG-IP ASM Configuration utility. This vulnerability affects versions prior to 16.0.1.2 of the F5 Advanced Web Application Firewall, which can allow unauthorized access and manipulation of sensitive server resources.",F5,Big-ip Advanced Waf And Big-ip Asm,8.8,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2021-09-14T23:15:00.000Z,0
CVE-2021-23028,https://securityvulnerability.io/vulnerability/CVE-2021-23028,F5 Advanced Web Application Firewall Vulnerability Affecting Multiple Versions,"In specific versions of the F5 Advanced Web Application Firewall, a vulnerability exists when JSON content profiles are configured for URLs within a security policy. This flaw can lead to the termination of the BIG-IP ASM bd process when handling undisclosed requests. As a result, it could disrupt the normal operation of the firewall, impacting the availability of web applications under its protection.",F5,Big-ip Advanced Waf And Big-ip Asm,7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-09-14T20:53:54.000Z,0
CVE-2021-23030,https://securityvulnerability.io/vulnerability/CVE-2021-23030,WebSocket Profile Vulnerability in BIG-IP Advanced WAF and ASM,"A vulnerability in BIG-IP Advanced WAF and BIG-IP ASM could allow undisclosed requests to cause the application to terminate when a WebSocket profile is enabled. This issue affects specific versions of the software, making it crucial for users to review their deployments and apply necessary updates to mitigate any potential risks.",F5,Big-ip Advanced Waf And Big-ip Asm,7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-09-14T20:43:01.000Z,0
CVE-2021-23031,https://securityvulnerability.io/vulnerability/CVE-2021-23031,Privilege Escalation Vulnerability in F5 BIG-IP Advanced WAF and ASM Configuration Utility,"An authenticated user may exploit a vulnerability in the F5 BIG-IP Advanced WAF and ASM Configuration utility to perform unauthorized actions, leading to potential privilege escalation. This affects several versions within the BIG-IP series prior to specified updates. It is crucial to ensure that you are running a supported version to mitigate this risk.",F5,Big-ip Advanced Waf And Big-ip Asm,9.9,CRITICAL,0.002259999979287386,false,,false,false,false,,,false,false,,2021-09-14T18:07:06.000Z,0
CVE-2021-23036,https://securityvulnerability.io/vulnerability/CVE-2021-23036,Denial of Service Vulnerability in F5 BIG-IP ASM and DataSafe Configuration,"A vulnerability exists in F5 BIG-IP versions prior to 16.0.1.2 when configured with both ASM and DataSafe profiles. Undisclosed requests can lead to unexpected termination of the Traffic Management Microkernel (TMM), resulting in potential service interruptions. Users are advised to upgrade to the latest supported versions to mitigate this issue. Additionally, software that has reached End of Technical Support is not assessed in this context.",F5,Big-ip Advanced Waf And Big-ip Asm,7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-09-14T18:02:18.000Z,0
CVE-2021-23033,https://securityvulnerability.io/vulnerability/CVE-2021-23033,WebSocket Profile Vulnerability in BIG-IP Advanced WAF and ASM,"The vulnerability involves the BIG-IP Advanced WAF and ASM when a WebSocket profile is active on a virtual server. Specific undisclosed requests can result in unintended termination of the bd process. This issue impacts various versions of the product, so it is essential for users to ensure they are using supported software versions and apply relevant patches to mitigate potential risks.",F5,Big-ip Advanced Waf And Big-ip Asm,7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-09-14T17:15:34.000Z,0
CVE-2021-23050,https://securityvulnerability.io/vulnerability/CVE-2021-23050,Cross-Site Request Forgery Vulnerability in F5 BIG-IP Products,"A vulnerability exists in F5 BIG-IP Advanced WAF and ASM versions prior to 16.0.1.2 and 15.1.3, along with all versions of NGINX App Protect. When a CSRF-enabled policy is configured on a virtual server, an unhandled HTML response may cause the bd process to unexpectedly terminate, resulting in potential disruption of service. It is crucial for users to upgrade to the latest versions to mitigate this risk and ensure optimal security.",F5,Big-ip Advanced Waf And Big-ip Asm; Nginx App Protect,7.5,HIGH,0.0006099999882280827,false,,false,false,false,,,false,false,,2021-09-14T12:31:38.000Z,0
CVE-2021-23053,https://securityvulnerability.io/vulnerability/CVE-2021-23053,Brute Force Protection Flaw in BIG-IP Advanced WAF and ASM by F5 Networks,"A flaw exists in the brute force protection feature of F5 Networks' BIG-IP Advanced WAF and BIG-IP ASM. When enabled on a virtual server and subjected to a brute force attack, this vulnerability may cause the MySQL database to run out of disk space. This issue arises from a lack of row limit on certain undisclosed tables in the MySQL database, potentially leading to service disruption. Affected versions include 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.3.1, and 13.1.x prior to 13.1.3.6. It's important to note that software versions that have reached End of Technical Support (EoTS) are not evaluated for this vulnerability.",F5,Big-ip Advanced Waf And Big-ip Asm,5.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2021-09-14T12:28:35.000Z,0
CVE-2021-22993,https://securityvulnerability.io/vulnerability/CVE-2021-22993,DOM-Based XSS in F5 BIG-IP Advanced WAF and ASM Products,"A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the properties page for DoS Profile in F5 BIG-IP Advanced WAF and ASM. This flaw affects specific versions prior to their respective patches, allowing attackers to manipulate the DOM of the affected web application. Such manipulation can lead to unauthorized actions being executed on behalf of users, making it crucial for administrators to apply the necessary updates to safeguard their systems.",F5,Big-ip Advanced Waf And Big-ip Asm,8.8,HIGH,0.0019499999471008778,false,,false,false,false,,,false,false,,2021-03-31T17:45:51.000Z,0
CVE-2021-23001,https://securityvulnerability.io/vulnerability/CVE-2021-23001,File Upload Vulnerability in BIG-IP Advanced WAF and ASM by F5 Networks,"The upload functionality within F5 Networks' BIG-IP Advanced WAF and ASM has a vulnerability that permits authenticated users to upload files. This activity can be executed via an undisclosed iControl REST endpoint across several software versions, potentially compromising the integrity and security of the BIG-IP system. It is critical for organizations using affected versions to address this vulnerability to prevent unauthorized file uploads and associated risks.",F5,Big-ip Advanced Waf And Big-ip Asm,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-03-31T17:38:53.000Z,0
CVE-2021-22989,https://securityvulnerability.io/vulnerability/CVE-2021-22989,Remote Command Execution Vulnerability in BIG-IP by F5 Networks,"An authenticated remote command execution vulnerability exists in the Configuration Utility (TMUI) of F5 BIG-IP when deployed in Appliance mode with Advanced WAF or BIG-IP ASM provisioned. This flaw affects specific versions of BIG-IP, allowing unauthorized command execution under certain conditions. Users are advised to apply the necessary patches to mitigate potential risks.",F5,Big-ip Advanced Waf Or Big-ip Asm In Appliance Mode,9.1,CRITICAL,0.0015899999998509884,false,,false,false,false,,,false,false,,2021-03-31T16:48:26.000Z,0
CVE-2021-22992,https://securityvulnerability.io/vulnerability/CVE-2021-22992,Buffer Overflow Vulnerability in F5 BIG-IP Advanced WAF,"A vulnerability exists in certain versions of F5 BIG-IP products, where a crafted HTTP response to a virtual server could trigger a buffer overflow. This condition may lead to a denial-of-service (DoS) attack and, in specific cases, allow for remote code execution (RCE), potentially compromising the entire system. Users of affected versions should review their deployed instances and consider applying the necessary patches to mitigate risk.",F5,Big-ip Advanced Waf And Big-ip Asm,9.8,CRITICAL,0.39441001415252686,false,,false,false,false,,,false,false,,2021-03-31T16:47:05.000Z,0
CVE-2021-22990,https://securityvulnerability.io/vulnerability/CVE-2021-22990,Authenticated Remote Command Execution in F5 BIG-IP with Advanced WAF,"A vulnerability exists in the Traffic Management User Interface (TMUI) of F5 BIG-IP systems with Advanced WAF or BIG-IP ASM provisioned, allowing authenticated users to execute remote commands on the affected systems through undisclosed pages. This can lead to unauthorized system control and compromise the integrity of the application.",F5,Big-ip Advanced Waf Or Big-ip Asm,7.2,HIGH,0.0015899999998509884,false,,false,false,false,,,false,false,,2021-03-31T16:44:38.000Z,0
CVE-2021-22984,https://securityvulnerability.io/vulnerability/CVE-2021-22984,Open Redirection Vulnerability in F5 BIG-IP Advanced WAF and ASM,"The vulnerability in F5 BIG-IP Advanced WAF and ASM allows for Open Redirection attacks when an unauthenticated client sends a crafted URI. This can impact clients and web servers when using a DoS profile with Proactive Bot Defense or Bot Defense profile settings. It specifically affects multiple versions of the software, opening the door for malicious users to redirect traffic in unsanctioned ways, potentially leading to further exploitation or data breaches.",F5,Big-ip Advanced Waf & Big-ip Asm,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2021-02-12T19:21:56.000Z,0
CVE-2021-22976,https://securityvulnerability.io/vulnerability/CVE-2021-22976,Excessive CPU Usage in BIG-IP Advanced WAF and ASM by F5 Networks,"A resource exhaustion vulnerability exists in specific versions of the F5 BIG-IP Advanced WAF and ASM systems. When handling WebSocket requests that contain JSON payloads, an unusually high number of parameters can lead to excessive CPU consumption within the BIG-IP ASM bd process. This excessive usage could potentially result in performance degradation and impact the overall functionality of the firewall, allowing for potential denial of service scenarios.",F5,Big-ip Advanced Waf & Big-ip Asm,7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-02-12T17:43:49.000Z,0
CVE-2020-27728,https://securityvulnerability.io/vulnerability/CVE-2020-27728,Data Processing Issue in F5 Networks' BIG-IP ASM and Advanced WAF,"An issue has been identified in F5 Networks' BIG-IP ASM and Advanced WAF, where under specific conditions, the Analytics, Visibility, and Reporting Daemon (AVRD) may unintentionally generate a core file and restart when processing requests originating from mobile devices. This behavior could potentially disrupt the normal operation of the system and affect data integrity and availability.",F5,Big-ip Asm & Advanced Waf,7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-12-24T15:33:32.000Z,0