threatengine.sh
Product: F5 BIG-IQ Centralized Management
77 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE | Affected BIG-IQ versions | CVSS | Summary (truncated in source)
CVE-2024-47139 | all versions | 6.8 MEDIUM | A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an
CVE-2024-24775 | >= 8.0.0 and <= 8.3.0 | 7.5 HIGH | When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Manage
CVE-2024-23979 | >= 8.0.0 and <= 8.3.0 | 7.5 HIGH | When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on
CVE-2024-23976 | >= 8.0.0 and <= 8.3.0 | 6.0 MEDIUM | When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode res
CVE-2024-23314 | >= 8.0.0 and <= 8.3.0 | 7.5 HIGH | When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel
CVE-2024-22389 | >= 8.0.0 and <= 8.3.0 | 7.2 HIGH | When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer
CVE-2024-22093 | >= 8.0.0 and <= 8.3.0 | 8.7 HIGH | When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST end
CVE-2024-21782 | >= 8.0.0 and <= 8.3.0 | 6.7 MEDIUM | BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have
CVE-2023-43485 | >= 8.0.0 and < 8.2.0.1.0.13.97-eng | 5.5 MEDIUM | When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. No
CVE-2023-41964 | >= 8.0.0 and <= 8.3.0 | 4.3 MEDIUM | The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software vers
CVE-2023-38419 | >= 8.2.0 and <= 8.3.0 | 4.3 MEDIUM | An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed
CVE-2023-29240 | >= 8.0.0 and < 8.3.0 | 5.4 MEDIUM | An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl RE
CVE-2022-41622 | >= 8.0.0 and <= 8.2.0 | 8.8 HIGH | In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note
CVE-2022-41770 | >= 8.0.0 and <= 8.2.0 | 6.5 MEDIUM | In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions
CVE-2022-35728 | all versions | 8.1 HIGH | In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all version
CVE-2022-34851 | >= 8.0.0 and <= 8.2.0 | 4.3 MEDIUM | In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all version
CVE-2022-34844 | all versions | 5.9 MEDIUM | In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Developm
CVE-2022-29479 | all versions | 5.3 MEDIUM | On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versio
CVE-2022-26340 | >= 7.0.0 and <= 7.1.0 | 4.9 MEDIUM | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versi
CVE-2022-23023 | >= 7.0.0 and <= 7.1.0 | 6.5 MEDIUM | On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and
CVE-2022-23009 | all versions | 7.2 HIGH | On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can
CVE-2002-20001 | >= 8.0.0 and <= 8.4.0 | 7.5 HIGH | The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actual
CVE-2021-23026 | >= 6.0.0 and <= 6.1.0 | 8.8 HIGH | BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 1
CVE-2021-23024 | >= 6.0.0 and <= 6.1.0 | 7.2 HIGH | On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote comman
CVE-2021-23006 | >= 6.0.0 and < 8.0.0 | 6.1 MEDIUM | On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note:
CVE-2021-23005 | >= 6.0.0 and < 8.0.0 | 9.1 CRITICAL | On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availability (HA) for automatic failover,
CVE-2021-22997 | >= 6.0.0 and < 8.0.0 | 7.5 HIGH | On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for th
CVE-2021-22996 | >= 7.0.0 and < 8.0.0 | 7.5 HIGH | On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a BIG-IQ Data Collection Device (DCD) cluster member that rec
CVE-2021-22995 | >= 6.0.0 and <= 6.1.0 | 7.5 HIGH | On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does
CVE-2021-22986 | >= 6.0.0 and < 6.1.0 | 9.8 CRITICAL | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before
CVE-2021-22974 | >= 6.0.0 and <= 6.1.0 | 7.5 HIGH | On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all version
CVE-2020-5944 | >= 7.1.0 and < 7.1.0.1 | 4.3 MEDIUM | In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message d
CVE-2020-5930 | >= 6.0.0 and <= 6.1.0 | 7.5 HIGH | In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthen
CVE-2020-5923 | >= 6.0.0 and <= 6.1.0 | 5.4 MEDIUM | In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4
CVE-2020-5917 | >= 5.2.0 and <= 5.4.0 | 5.9 MEDIUM | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BI
CVE-2020-5890 | >= 5.2.0 and <= 5.4.0 | 5.5 MEDIUM | On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, cre
CVE-2020-5873 | >= 5.2.0 and <= 5.4.0 | 7.2 HIGH | On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associa
CVE-2020-5870 | >= 5.2.0 and <= 5.4.0 | 8.1 HIGH | In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to t
CVE-2020-5869 | >= 5.2.0 and <= 5.4.0 | 9.1 CRITICAL | In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modif
CVE-2020-5868 | >= 6.0.0 and <= 6.1.0 | 9.8 CRITICAL | In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on
CVE-2020-5860 | >= 5.2.0 and <= 5.4.0 | 8.1 HIGH | On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, a
CVE-2020-5858 | >= 5.2.0 and <= 5.4.0 | 7.8 HIGH | On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and
CVE-2020-5854 | >= 5.1.0 and <= 5.4.0 | 5.9 MEDIUM | On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes un
CVE-2014-5209 | >= 5.0.0 and <= 5.4.0 | 5.3 MEDIUM | An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, whi
CVE-2019-19151 | >= 5.0.0 and <= 5.4.0 | 5.5 MEDIUM | On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0
CVE-2019-6688 | >= 5.2.0 and <= 5.4.0 | 4.3 MEDIUM | On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5 and BIG-IQ v
CVE-2019-6665 | >= 5.2.0 and <= 5.4.0 | 9.4 CRITICAL | On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and
CVE-2019-6663 | >= 5.2.0 and <= 5.4.0 | 5.5 MEDIUM | The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2
CVE-2018-12207 | >= 5.2.0 and <= 5.4.0 | 6.5 MEDIUM | Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an aut
CVE-2019-6471 | >= 5.1.0 and <= 5.4.0 | 5.9 MEDIUM | A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure i
CVE-2018-5743 | >= 5.0.0 and <= 5.4.0 | 7.5 HIGH | By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed conn
CVE-2018-14880 | >= 5.2.0 and <= 5.4.0 | 7.5 HIGH | The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
CVE-2018-14468 | >= 5.2.0 and <= 5.4.0 | 7.5 HIGH | The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
CVE-2019-6653 | >= 5.2.0 and <= 5.4.0 | 5.4 MEDIUM | There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The at
CVE-2019-6652 | >= 6.0.0 and <= 6.1.0 | 6.5 MEDIUM | In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security
CVE-2019-6651 | >= 5.2.0 and <= 5.4.0 | 5.3 MEDIUM | In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2
CVE-2019-10744 | >= 6.0.0 and <= 6.1.0 | 9.1 CRITICAL | Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into addin
CVE-2019-6621 | >= 5.1.0 and <= 5.4.0 | 7.2 HIGH | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-
CVE-2019-6620 | >= 5.1.0 and <= 5.4.0 | 7.2 HIGH | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5
CVE-2019-6642 | >= 5.1.0 and <= 5.4.0 | 8.8 HIGH | In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkf
CVE-2019-11479 | >= 5.1.0 and <= 5.4.0 | 7.5 HIGH | Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP
CVE-2019-1559 | >= 6.0.0 and <= 6.1.0 | 5.9 MEDIUM | If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to
CVE-2018-15328 | >= 5.0.0 and <= 5.4.0 | 7.5 HIGH | On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for
CVE-2018-15322 | >= 5.0.0 and <= 5.4.0 | 6.5 MEDIUM | On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.
CVE-2018-15321 | >= 5.0.0 and <= 5.4.0 | 4.9 MEDIUM | When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.
CVE-2018-14634 | >= 5.0.0 and <= 5.4.0 | 7.8 HIGH | An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to S
CVE-2018-5540 | >= 5.0.0 and <= 5.1.0 | 4.4 MEDIUM | On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Manag
CVE-2018-5516 | >= 5.0.0 and <= 5.4.0 | 4.7 MEDIUM | On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4
CVE-2017-6152 | >= 5.1.0 and <= 5.2.0 | 6.7 MEDIUM | A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords o
CVE-2017-6128 | all versions | 7.5 HIGH | An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG
CVE-2016-5022 | all versions | 9.8 CRITICAL | F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.
CVE-2016-5021 | all versions | 4.9 MEDIUM | The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x b
CVE-2015-8099 | all versions | 5.9 MEDIUM | F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x
CVE-2015-7393 | all versions | 7.4 HIGH | dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.
CVE-2015-4047 | all versions | not listed | racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon
CVE-2014-0196 | all versions | 5.5 MEDIUM | The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in t
CVE-2014-0101 | all versions | not listed | The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enabl
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin