F5: >> Big-Ip Automation Toolchain >> 16.1.4.3 Security Vulnerabilities
When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVSS Score
7.5
EPSS Score
0.003
Published
2025-02-05
BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-10-16
When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
5.9
EPSS Score
0.007
Published
2024-08-14
Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
4.3
EPSS Score
0.005
Published
2024-08-14
In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
7.5
EPSS Score
0.005
Published
2024-08-14
When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
7.5
EPSS Score
0.006
Published
2024-08-14
Page 4