CVSS: 9.8EPSS: 46%CPEs: 66EXPL: 73CVE-2022-1388 – F5 BIG-IP Missing Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2022-1388
05 May 2022 — On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated En F5 BIG-IP versiones 16.1.x anteriores a 16.1.2.2, versiones 15.1.x anteriores a 15.1.5.1, versiones 14.1.x anteriores a 14.1.4.6, versiones 13.1.x anteriores a 13.1.5 ... • https://packetstorm.news/files/id/167007 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 341EXPL: 0CVE-2022-27189
https://notcve.org/view.php?id=CVE-2022-27189
05 May 2022 — On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated En F5 BIG-IP versiones ... • https://support.f5.com/csp/article/K16187341 • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 4.9EPSS: 0%CPEs: 341EXPL: 0CVE-2022-26835
https://notcve.org/view.php?id=CVE-2022-26835
05 May 2022 — On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files. Note: Software versions which have reached End of Techn... • https://support.f5.com/csp/article/K53197140 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 70EXPL: 0CVE-2022-23029
https://notcve.org/view.php?id=CVE-2022-23029
25 Jan 2022 — On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.x anteriores a 16.1.0, 15.1.x anteriores a 15.1.4.1, 14.1.x anteriores a 14.1.4.4 y todas las versiones de 13.1.x, 12.1.x y 11.6.x... • https://support.f5.com/csp/article/K50343028 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.3EPSS: 0%CPEs: 56EXPL: 0CVE-2022-23027
https://notcve.org/view.php?id=CVE-2022-23027
25 Jan 2022 — On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2, when a FastL4 profile and an HTTP, FIX, and/or hash persistence profile are configured on the same virtual server, undisclosed requests can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 15.1.x anteriores a 15.1.4, 14.1.x anteriores a 14.1.4.4, 13.1.x... • https://support.f5.com/csp/article/K30573026 • CWE-697: Incorrect Comparison •
CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0CVE-2022-23019
https://notcve.org/view.php?id=CVE-2022-23019
25 Jan 2022 — On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a message routing type virtual server is configured with both Diameter Session and Router Profiles, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.2, 15.1.x anteriores a 15.1.4.1, 14.1.x anteriores a 14.1.4.4, y to... • https://support.f5.com/csp/article/K82793463 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 72EXPL: 0CVE-2022-23023
https://notcve.org/view.php?id=CVE-2022-23023
25 Jan 2022 — On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by an authenticated iControl REST user can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.2.1, 15.1.x anteriores a 15.1.5, 14.1.x anteriores a 14.1.4.5, y todas las versiones de 13.1... • https://support.f5.com/csp/article/K11742742 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 66EXPL: 0CVE-2022-23010
https://notcve.org/view.php?id=CVE-2022-23010
25 Jan 2022 — On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile and an HTTP profile are configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.x anteriores a 16.1.0, 15.1.x anteriores a 15.1.4.1, 14.1.x anteriores a 14.1.4.4 y todas las versiones de ... • https://support.f5.com/csp/article/K34360320 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 8.8EPSS: 0%CPEs: 70EXPL: 0CVE-2021-23025
https://notcve.org/view.php?id=CVE-2021-23025
14 Sep 2021 — On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En versiones 15.1.x anteriores a 15.1.0.5, versiones 14.1.x anteriores a 14.1.3.1, versiones 13.1.x anteriores a 13.1.3.5 y todas las versiones de 12.1.x y 11.6.x, se presenta una vulnerabilidad d... • https://support.f5.com/csp/article/K55543151 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.6EPSS: 0%CPEs: 66EXPL: 0CVE-2021-23037
https://notcve.org/view.php?id=CVE-2021-23037
14 Sep 2021 — On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En todas las versiones de 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x y 11.6.x, se presenta una vulnerabilidad de tipo cros... • https://support.f5.com/csp/article/K21435974 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •