Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
f5

BIG-IP AFM

24 Versions 7 CVEs

Versions

12.1.0-12.1.5

OTHER 1 CVE

11.5.1-11.6.3.4

OTHER 1 CVE

ASM) 14.1.0-14.1.0.5

OTHER 2 CVEs

12.1.0-12.1.4

OTHER 3 CVEs

14.0.0-14.0.0.4

OTHER 3 CVEs

Analytics

OTHER 1 CVE

11.6.1-11.6.3.4

OTHER 1 CVE

PEM) 14.1.0-14.1.0.5

OTHER 1 CVE

13.0.0-13.1.1.4

OTHER 3 CVEs

11.5.1-11.5.8

OTHER 1 CVE

BIG-IP (AFM

OTHER 3 CVEs

11.5.1-11.6.4

OTHER 1 CVE

13.1.0

SEMANTIC 1 CVE

12.1.x

OTHER 1 CVE

17.0.0

SEMANTIC 2 CVEs

14.0.0-14.1.2

OTHER 2 CVEs

14.1.x

OTHER 1 CVE

11.6.x

OTHER 1 CVE

15.0.0-15.0.1

OTHER 2 CVEs

13.1.x

OTHER 1 CVE

15.1.x

OTHER 2 CVEs

14.1.0

SEMANTIC 1 CVE

13.1.0-13.1.3.1

OTHER 2 CVEs

16.1.x

OTHER 2 CVEs

Recent CVEs

CVE-2022-41806

In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.

HIGH Oct 19, 2022

CVE-2022-28695

On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

HIGH May 05, 2022

CVE-2019-6672

On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded.

UNKNOWN Nov 27, 2019

CVE-2019-6658

On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack.

UNKNOWN Nov 01, 2019

CVE-2019-6636

On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. The level of user role which can perform this attack are resource administrator and administrator.

UNKNOWN Jul 03, 2019

CVE-2019-6626

On BIG-IP (AFM, Analytics, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.3.4, A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the Configuration utility.

UNKNOWN Jul 03, 2019