F5 Big-Ip Automation Toolchain vulnerabilities
46 known vulnerabilities affecting f5/big-ip_automation_toolchain.
Total CVEs
46
CISA KEV
2
actively exploited
Public exploits
1
Exploited in wild
2
Severity breakdown
CRITICAL1HIGH34MEDIUM10LOW1
Vulnerabilities
Page 3 of 3
CVE-2024-28889MEDIUMCVSS 5.9≥ 15.1.0, < 15.1.10.4≥ 16.1.0, < 16.1.4.3+1 more2024-05-08
CVE-2024-28889 [MEDIUM] CWE-825 CVE-2024-28889:
When an SSL profile with alert timeout is configured with a non-default value on a virtual server
When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd
CVE-2024-32761MEDIUMCVSS 6.5≥ 15.1.0, < 15.1.102024-05-08
CVE-2024-32761 [MEDIUM] CWE-119 CVE-2024-32761: Under certain conditions, a data leak may occur in the Traffic Management Microkernels (TMMs) of BIG
Under certain conditions, a data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. This leak occurs randomly and cannot be deliberately triggered. If it occurs, it may leak up to 64 bytes of non-contiguous randomized bytes. Under rare conditions, this may lead to a TMM restart, aff
nvd
CVE-2024-33604MEDIUMCVSS 6.1≥ 15.1.0, < 15.1.10.4≥ 16.1.0, < 16.1.4.3+1 more2024-05-08
CVE-2024-33604 [MEDIUM] CWE-79 CVE-2024-33604:
A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Config
A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
nvd
CVE-2024-27202MEDIUMCVSS 4.7≥ 15.1.0, < 15.1.10.4≥ 16.1.0, < 16.1.4.3+1 more2024-05-08
CVE-2024-27202 [MEDIUM] CWE-79 CVE-2024-27202:
A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Co
A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd
CVE-2023-46747CRITICALCVSS 9.8KEVPoC≥ 13.1.0, ≤ 13.1.5≥ 14.1.0, ≤ 14.1.5+3 more2023-10-26
CVE-2023-46747 [CRITICAL] CWE-288 CVE-2023-46747: Undisclosed requests may bypass configuration utility authentication, allowing an attacker with netw
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
nvd
CVE-2023-46748HIGHCVSS 8.8KEV≥ 13.1.0, ≤ 13.1.5≥ 14.1.0, ≤ 14.1.5+3 more2023-10-26
CVE-2023-46748 [HIGH] CWE-89 CVE-2023-46748: An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which
may
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which
may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.
Note: Software versions which have reached End of Technical Support (EoTS) a
nvd
← Previous3 / 3