Known Vulnerabilities for Big-ip Ddos Hybrid Defender by F5
Listed below are 10 of the newest known vulnerabilities associated with "Big-ip Ddos Hybrid Defender" by "F5".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-46748 | An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated at... | 8.8 - HIGH | 2023-10-26 | 2024-02-01 |
| CVE-2023-46747 | Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-... | 9.8 - CRITICAL | 2023-10-26 | 2024-02-01 |
| CVE-2023-45219 | Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an ... | 4.4 - MEDIUM | 2023-10-10 | 2023-10-18 |
| CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many stre... | 7.5 - HIGH | 2023-10-10 | 2024-02-02 |
| CVE-2023-43746 | When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode r... | 8.7 - HIGH | 2023-10-10 | 2023-11-02 |
| CVE-2023-43611 | The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation pr... | 7.8 - HIGH | 2023-10-10 | 2023-10-18 |
| CVE-2023-43485 | When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log... | 5.5 - MEDIUM | 2023-10-10 | 2023-10-17 |
| CVE-2023-42768 | When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is ... | 7.2 - HIGH | 2023-10-10 | 2023-10-17 |
| CVE-2023-41964 | The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Softwar... | 6.5 - MEDIUM | 2023-10-10 | 2023-10-17 |
| CVE-2023-41373 | A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to e... | 9.9 - CRITICAL | 2023-10-10 | 2023-10-17 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | F5 | Big-ip Ddos Hybrid Defender | 16.0.1 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 16.0.0 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 15.1.2 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 15.1.1 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 15.1.0.5 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 15.1.0.4 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 15.1.0.2 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 15.1.0 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 15.0.1.4 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 15.0.1 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 15.0.0 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 14.1.3.1 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 14.1.2.7-0.0.5 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 14.1.2.7 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 14.1.2.6-0.0.2 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 14.1.2.6 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 14.1.2.5-0.0.3 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 14.1.2.5 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 14.1.2.3-0.0.5 | |||
| Application | F5 | Big-ip Ddos Hybrid Defender | 14.1.2.3 |