Show filters
11 Total Results
Displaying 1-10 of 11
Sort by:
Attacker Value
Very High
CVE-2022-41622
Disclosure Date: December 07, 2022 (last updated November 08, 2023)
In all versions,
BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
3
Attacker Value
Very High
CVE-2014-6271
Disclosure Date: September 24, 2014 (last updated July 25, 2024)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
2
Attacker Value
Unknown
CVE-2022-24669
Disclosure Date: October 20, 2022 (last updated December 22, 2024)
It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services.
0
Attacker Value
Unknown
CVE-2022-24670
Disclosure Date: October 20, 2022 (last updated December 22, 2024)
An attacker can use the unrestricted LDAP queries to determine configuration entries
0
Attacker Value
Unknown
CVE-2022-41770
Disclosure Date: October 19, 2022 (last updated October 08, 2023)
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests.
0
Attacker Value
Unknown
CVE-2022-35728
Disclosure Date: August 03, 2022 (last updated October 08, 2023)
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
0
Attacker Value
Unknown
CVE-2022-34844
Disclosure Date: August 03, 2022 (last updated October 08, 2023)
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
0
Attacker Value
Unknown
CVE-2022-29479
Disclosure Date: May 04, 2022 (last updated February 23, 2025)
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled (disabled by default) on a BIG-IP system, undisclosed packets may cause decreased performance. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
0
Attacker Value
Unknown
CVE-2021-4201
Disclosure Date: December 07, 2021 (last updated February 23, 2025)
Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1; 6.5 versions prior to 6.5.4; all previous versions.
0
Attacker Value
Unknown
CVE-2002-20001
Disclosure Date: November 11, 2021 (last updated February 23, 2025)
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
0