F5: >> Big-Ip Ssl Orchestrator >> 15.1.2.1 Security Vulnerabilities
When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVSS Score
7.5
EPSS Score
0.003
Published
2025-02-05
BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
7.2
EPSS Score
0.003
Published
2024-10-16
Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVSS Score
6.5
EPSS Score
0.003
Published
2024-05-08
A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVSS Score
6.1
EPSS Score
0.005
Published
2024-05-08
When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
5.9
EPSS Score
0.003
Published
2024-05-08
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.0
EPSS Score
0.009
Published
2024-05-08
When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-05-08
A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
4.7
EPSS Score
0.005
Published
2024-05-08
CVE-2023-46747
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2023-10-26
CVE-2023-46748
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which
may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Known exploited
CVSS Score
8.8
EPSS Score
0.043
Published
2023-10-26