CPE Details
F5 Big-IP Application Security Manager (ASM) 17.1.0.3
17.1.0.3
2023-10-17
12h47 +00:00
12h47 +00:00
2023-10-17
12h47 +00:00
12h47 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0.3:*:*:*:*:*:*:*
Informations
Vendor
f5Product
big-ip_application_security_managerVersion
17.1.0.3Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 7.5 |
High |
||
| When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with "Apply value and content signatures and detect threat campaigns." Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 7.5 |
High |
||
| An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 8.8 |
High |
||
| Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 9.8 |
Critical |
2025©
tesweb SA
