cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-25946,https://securityvulnerability.io/vulnerability/CVE-2022-25946,Integrity Check Bypass in F5 BIG-IP Products,"In certain versions of F5 BIG-IP Advanced WAF, ASM, and Guided Configuration, an authenticated attacker with Administrator privileges may exploit a missing integrity check in Appliance mode to bypass critical restrictions. This vulnerability presents a significant concern for organizations relying on these F5 products for secure web application functionality.",F5,"Big-ip (advanced Waf, Apm, Asm),Big-ip Guided Configuration (gc)",8.7,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-27230,https://securityvulnerability.io/vulnerability/CVE-2022-27230,Reflected Cross-Site Scripting Vulnerability in F5 BIG-IP APM and Guided Configuration,"A reflected cross-site scripting (XSS) vulnerability exists in F5 BIG-IP APM and Guided Configuration. This flaw allows attackers to execute malicious JavaScript in the browser of a logged-in user, potentially compromising sensitive information or session data. The vulnerability affects numerous versions of F5 BIG-IP APM from 16.1.x down to 11.6.x and all prior versions of F5 BIG-IP Guided Configuration before 9.0. Users are advised to apply necessary security patches and follow best practices to mitigate the risk.",F5,"Big-ip Apm,Big-ip Guided Configuration (gc)",7.5,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-27806,https://securityvulnerability.io/vulnerability/CVE-2022-27806,Command Injection Vulnerability in F5 BIG-IP Products by F5 Networks,"An authenticated attacker with the Administrator role can exploit command injection vulnerabilities in undisclosed URIs within F5 BIG-IP Guided Configuration. This exploitation allows for the bypassing of Appliance mode restrictions in affected versions of F5 BIG-IP Advanced WAF and ASM, potentially compromising the security of the system.",F5,"Big-ip (advanced Waf, Apm, Asm),Big-ip Guided Configuration (gc)",8.7,HIGH,0.0012700000079348683,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-27878,https://securityvulnerability.io/vulnerability/CVE-2022-27878,Stored Cross-Site Scripting Vulnerability in F5 BIG-IP Products,"A stored cross-site scripting (XSS) vulnerability exists in the F5 BIG-IP Configuration utility across various versions. This vulnerability allows an attacker to execute arbitrary JavaScript in the context of any user who is currently logged in, potentially compromising sensitive information and user interactions. The issue is present in all specified versions of the F5 BIG-IP product and in the Guided Configuration (GC) prior to version 9.0. Users of affected versions are urged to assess their systems immediately and apply necessary security measures.",F5,"Big-ip,Big-ip Guided Configuration (gc)",6.8,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0