F5 Big-Ip Advanced Waf Asm vulnerabilities

3 known vulnerabilities affecting f5/big-ip_advanced_waf_asm.

Total CVEs

3

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH3

Vulnerabilities

Page 1 of 1

CVE-2022-41691HIGHCVSS 7.5≥ 14.1.x, < 14.1.5.22022-10-19

CVE-2022-41691 [HIGH] CWE-763 CVE-2022-41691: When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed reques When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.

CVE-2022-41617HIGHCVSS 7.2≥ 16.1.x, < 16.1.3.1≥ 15.1.x, < 15.1.6.1+2 more2022-10-19

CVE-2022-41617 [HIGH] CWE-77 CVE-2022-41617: In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x befor In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.

CVE-2022-41836HIGHCVSS 7.5≥ 17.0.x, < 17.0.0.1≥ 16.1.x, < 16.1.3.1+1 more2022-10-19

CVE-2022-41836 [HIGH] CWE-20 CVE-2022-41836: When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual se When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.