Big\-Ip_access_policy_manager - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Big\-Ip_access_policy_manager
(F5)

Repositories	https://github.com/torvalds/linux
#Vulnerabilities	518

Date	Id	Summary	Products	Score	Patch	Annotated
2023-05-03	CVE-2023-29163	When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_advanced_web_application_firewall, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_application_visibility_and_reporting, Big\-Ip_carrier\-Grade_nat, Big\-Ip_ddos_hybrid_defender, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_ssl_orchestrator, Big\-Ip_webaccelerator, Big\-Ip_websafe	N/A
2023-08-02	CVE-2023-36858	An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	Access_policy_manager_clients, Big\-Ip_access_policy_manager	5.5
2023-08-02	CVE-2023-38138	A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_advanced_web_application_firewall, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_application_visibility_and_reporting, Big\-Ip_carrier\-Grade_nat, Big\-Ip_ddos_hybrid_defender, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_ssl_orchestrator, Big\-Ip_webaccelerator, Big\-Ip_websafe	6.1
2023-08-02	CVE-2023-38418	The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	Access_policy_manager_clients, Big\-Ip_access_policy_manager	7.8
2023-08-02	CVE-2023-38419	An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_advanced_web_application_firewall, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_application_visibility_and_reporting, Big\-Ip_carrier\-Grade_nat, Big\-Ip_ddos_hybrid_defender, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_ssl_orchestrator, Big\-Ip_webaccelerator, Big\-Ip_websafe, Big\-Iq_centralized_management	N/A
2023-08-02	CVE-2023-38423	A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_advanced_web_application_firewall, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_application_visibility_and_reporting, Big\-Ip_carrier\-Grade_nat, Big\-Ip_ddos_hybrid_defender, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_ssl_orchestrator, Big\-Ip_webaccelerator, Big\-Ip_websafe	5.4
2023-08-02	CVE-2023-3470	Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information required to generate the correct password. On vCMP systems, all Guests share the same deterministic password, allowing those with TMSH access on one Guest to access keys of a different Guest. The...	Big\-Ip_10200v\-F_firmware, Big\-Ip_10350v\-F_firmware, Big\-Ip_11000\-F_firmware, Big\-Ip_11050\-F_firmware, Big\-Ip_5250v\-F_firmware, Big\-Ip_6900\-F_firmware, Big\-Ip_7200v\-F_firmware, Big\-Ip_8900\-F_firmware, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_advanced_web_application_firewall, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_application_visibility_and_reporting, Big\-Ip_carrier\-Grade_nat, Big\-Ip_ddos_hybrid_defender, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_i15820\-Df_firmware, Big\-Ip_i5820\-Df_firmware, Big\-Ip_i7820\-Df_firmware, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_ssl_orchestrator, Big\-Ip_webaccelerator, Big\-Ip_websafe	6.1
2023-09-27	CVE-2023-43124	BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated	Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client	7.1
2023-09-27	CVE-2023-43125	BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated	Big\-Ip_access_policy_manager, Big\-Ip_access_policy_manager_client	8.2
2023-10-10	CVE-2023-39447	When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	Big\-Ip_access_policy_manager, Big\-Ip_guided_configuration	N/A