CVSS: 7.5EPSS: 0%CPEs: 95EXPL: 0CVE-2023-38138 – BIG-IP Configuration utility vulnerability
https://notcve.org/view.php?id=CVE-2023-38138
02 Aug 2023 — A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en una página no revelada de la utilidad de configuración de BIG-IP que permite a un atacante ejecutar JavaScript en el contexto del usuario a... • https://my.f5.com/manage/s/article/K000133474 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-36858 – BIG-IP Edge Client for Windows and macOS vulnerability
https://notcve.org/view.php?id=CVE-2023-36858
02 Aug 2023 — An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de verificación insuficiente de datos en BIG-IP Edge Client para Windows y macOS que puede permitir a un atacante modificar su lista de servidores configurados. Nota: No se evalúan las versiones de software que han alcanzado ... • https://my.f5.com/manage/s/article/K000132563 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 76EXPL: 0CVE-2023-29163 – BIG-IP UDP Profile vulnerability
https://notcve.org/view.php?id=CVE-2023-29163
03 May 2023 — When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K20145107 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.3EPSS: 0%CPEs: 95EXPL: 0CVE-2023-28406 – BIG-IP Configuration utility vulnerability
https://notcve.org/view.php?id=CVE-2023-28406
03 May 2023 — A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000132768 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 95EXPL: 0CVE-2023-27378 – BIG-IP TMUI XSS vulnerability
https://notcve.org/view.php?id=CVE-2023-27378
03 May 2023 — Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000132726 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 58EXPL: 0CVE-2023-24594 – BIG-IP TMM SSL vulnerability
https://notcve.org/view.php?id=CVE-2023-24594
03 May 2023 — When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000133132 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-24461 – BIG-IP Edge Client for Windows and macOS vulnerability
https://notcve.org/view.php?id=CVE-2023-24461
03 May 2023 — An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not eva... • https://my.f5.com/manage/s/article/K000132539 • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2023-22372 – BIG-IP Edge Client for Windows and Mac OS vulnerability
https://notcve.org/view.php?id=CVE-2023-22372
03 May 2023 — In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000132522 • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2023-23555 – BIG-IP Virtual Edition vulnerability
https://notcve.org/view.php?id=CVE-2023-23555
01 Feb 2023 — On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K24572686 • CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 48EXPL: 0CVE-2023-22842 – BIG-IP SIP profile vulnerability
https://notcve.org/view.php?id=CVE-2023-22842
01 Feb 2023 — On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K08182564 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •