Vulnerabilities
Vulnerable Software
F5:  Security Vulnerabilities
When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.7
EPSS Score
0.003
Published
2026-05-13
When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
6.9
EPSS Score
0.002
Published
2026-05-13
When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
6.9
EPSS Score
0.004
Published
2026-05-13
Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undisclosed command which may allow an authenticated attacker to view sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
7.1
EPSS Score
0.002
Published
2026-05-13
When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.7
EPSS Score
0.003
Published
2026-05-13
When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.7
EPSS Score
0.003
Published
2026-05-13
A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.6
EPSS Score
0.003
Published
2026-05-13
An authenticated iControl SOAP user may be able to obtain information of other accounts.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
7.1
EPSS Score
0.002
Published
2026-05-13
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.5
EPSS Score
0.002
Published
2026-05-13
A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.5
EPSS Score
0.002
Published
2026-05-13


Contact Us

Shodan ® - All rights reserved