Known Vulnerabilities for products from F5
Listed below are 20 of the newest known vulnerabilities associated with the vendor "F5".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by F5 can be found at device.report : F5
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-27784 json | The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an at... | Not Provided | 2026-03-24 | 2026-03-30 |
| CVE-2026-27651 json | When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause work... | Not Provided | 2026-03-24 | 2026-03-30 |
| CVE-2025-53521 json | When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Executi... | Not Provided | 2025-10-15 | 2026-03-31 |
| CVE-2023-46748 json | An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated at... | 8.8 - HIGH | 2023-10-26 | 2024-02-01 |
| CVE-2023-46747 json | Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-... | 9.8 - CRITICAL | 2023-10-26 | 2024-02-01 |
| CVE-2023-45226 json | The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials ... | 7.4 - HIGH | 2023-10-10 | 2023-10-18 |
| CVE-2023-45219 json | Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an ... | 4.4 - MEDIUM | 2023-10-10 | 2023-10-18 |
| CVE-2023-44487 json | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many stre... | 7.5 - HIGH | 2023-10-10 | 2024-02-02 |
| CVE-2023-43746 json | When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode r... | 8.7 - HIGH | 2023-10-10 | 2023-11-02 |
| CVE-2023-43611 json | The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation pr... | 7.8 - HIGH | 2023-10-10 | 2023-10-18 |
| CVE-2023-43485 json | When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log... | 5.5 - MEDIUM | 2023-10-10 | 2023-10-17 |
| CVE-2023-43125 json | BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Techni... | 8.2 - HIGH | 2023-09-27 | 2023-10-02 |
| CVE-2023-43124 json | BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Techn... | 7.1 - HIGH | 2023-09-27 | 2023-09-29 |
| CVE-2023-42768 json | When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is ... | 7.2 - HIGH | 2023-10-10 | 2023-10-17 |
| CVE-2023-41964 json | The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Softwar... | 6.5 - MEDIUM | 2023-10-10 | 2023-10-17 |
| CVE-2023-41373 json | A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to e... | 9.9 - CRITICAL | 2023-10-10 | 2023-10-17 |
| CVE-2023-41253 json | When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in ... | 5.5 - MEDIUM | 2023-10-10 | 2023-10-17 |
| CVE-2023-41085 json | When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions whi... | 7.5 - HIGH | 2023-10-10 | 2023-10-17 |
| CVE-2023-40542 json | When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause ... | 7.5 - HIGH | 2023-10-10 | 2023-10-17 |
| CVE-2023-40537 json | An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration u... | 8.1 - HIGH | 2023-10-10 | 2023-10-19 |
Known software with vulnerabilities from F5
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | F5 | 3 Dns | - |
| Application | F5 | Access Policy Manager Clients | 7.1.5 |
| Hardware | F5 | Arx | - |
| Application | F5 | Arx | 6.0.0 |
| Application | F5 | Arx Data Manager | 3.0.0 |
| Operating System | F5 | Arx Firmware | 6.0.0 |
| Hardware | F5 | Big-ip | - |
| Application | F5 | Big-ip | - |
| Hardware | F5 | Big-ip 1000 | - |
| Hardware | F5 | Big-ip 11050 | - |
| Hardware | F5 | Big-ip 1500 | - |
| Hardware | F5 | Big-ip 1600 | - |
| Hardware | F5 | Big-ip 2000 | c112 |
| Hardware | F5 | Big-ip 2000s | - |
| Hardware | F5 | Big-ip 2200s | - |
| Hardware | F5 | Big-ip 2400 | - |
| Hardware | F5 | Big-ip 3400 | - |
| Hardware | F5 | Big-ip 3410 | - |
| Hardware | F5 | Big-ip 3600 | - |
| Hardware | F5 | Big-ip 3900 | - |