CVSS: 7.5EPSS: 0%CPEs: 66EXPL: 0CVE-2021-23048
https://notcve.org/view.php?id=CVE-2021-23048
14 Sep 2021 — On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when GPRS Tunneling Protocol (GTP) iRules commands or a GTP profile is configured on a virtual server, undisclosed GTP messages can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.2, versiones 15.1.x anter... • https://support.f5.com/csp/article/K19012930 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-23022
https://notcve.org/view.php?id=CVE-2021-23022
10 Jun 2021 — On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En las versiones 7.2.1.x anteriores a 7.2.1.3 y versiones 7.1.x anteriores a 7.1.9.9 Update 1, la carpeta temporal del servicio de instalación de Windows de BIG-IP Edge Client tiene permisos débiles de archivos y carpetas. Nota: Las versiones ... • https://support.f5.com/csp/article/K08503505 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-23016
https://notcve.org/view.php?id=CVE-2021-23016
10 May 2021 — On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests to an APM Virtual Server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP APM versiones 15.1.x anteriores a 15.1.3, versiones 14.1.x anteriores a 14.1.4.1, vers... • https://support.f5.com/csp/article/K75540265 •
CVSS: 7.5EPSS: 0%CPEs: 84EXPL: 0CVE-2021-23011
https://notcve.org/view.php?id=CVE-2021-23011
10 May 2021 — On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, when the BIG-IP system is buffering packet fragments for reassembly, the Traffic Management Microkernel (TMM) may consume an excessive amount of resources, eventually leading to a restart and failover event. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En las versiones 16.0.x anteriores a 16.0.1.1, versiones 1... • https://support.f5.com/csp/article/K10751325 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-23008
https://notcve.org/view.php?id=CVE-2021-23008
10 May 2021 — On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x., BIG-IP APM AD (Active Directory) authentication can be bypassed via a spoofed AS-REP (Kerberos Authentication Service Response) response sent over a hijacked KDC (Kerberos Key Distribution Center) connection or from an AD server compromised by an attacker. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En la versión 15.1.x a... • https://support.f5.com/csp/article/K51213246 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 84EXPL: 0CVE-2021-23004
https://notcve.org/view.php?id=CVE-2021-23004
31 Mar 2021 — On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, Multipath TCP (MPTCP) forwarding flows may be created on standard virtual servers without MPTCP enabled in the applied TCP profile. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2, versiones 14.1.x anteriores a ... • https://support.f5.com/csp/article/K31025212 •
CVSS: 4.3EPSS: 0%CPEs: 84EXPL: 0CVE-2021-23001
https://notcve.org/view.php?id=CVE-2021-23001
31 Mar 2021 — On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En las versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriore... • https://support.f5.com/csp/article/K06440657 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: 84EXPL: 0CVE-2021-22998
https://notcve.org/view.php?id=CVE-2021-22998
31 Mar 2021 — On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, SYN flood protection thresholds are not enforced in secure network address translation (SNAT) listeners. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2.1, versiones 14.1.x anteriores a 14.1.4, versiones 13.1.x ... • https://support.f5.com/csp/article/K31934524 •
CVSS: 4.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-23002
https://notcve.org/view.php?id=CVE-2021-23002
31 Mar 2021 — When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system. Addressing this issue requires both the client and server fixes. Note: Software versions which have reached End of Software Development ... • https://support.f5.com/csp/article/K71891773 •
CVSS: 7.5EPSS: 0%CPEs: 84EXPL: 0CVE-2021-23003
https://notcve.org/view.php?id=CVE-2021-23003
31 Mar 2021 — On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the Traffic Management Microkernel (TMM) process may produce a core file when undisclosed MPTCP traffic passes through a standard virtual server. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2, versiones 14.1.x... • https://support.f5.com/csp/article/K43470422 •