F5 Big-ip_application_visibility_and_reporting
70 CVEs affecting F5 Big-ip_application_visibility_and_reporting. Latest disclosed: 2026-05-13. Critical: 3, High: 43.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-41373 | Critical | 9.9 | 2023-10-10 | A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP syst… |
CVE-2023-46747 | Critical | 9.8 | 2023-10-26 | Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port… |
CVE-2019-10744 | Critical | 9.1 | 2019-07-26 | Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of… |
CVE-2025-20029 | High | 8.8 | 2025-02-05 | Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitra… |
CVE-2023-46748 | High | 8.8 | 2023-10-26 | An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the… |
CVE-2025-61958 | High | 8.7 | 2025-10-15 | A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions… |
CVE-2025-59481 | High | 8.7 | 2025-10-15 | A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource adm… |
CVE-2025-53868 | High | 8.7 | 2025-10-15 | When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using… |
CVE-2025-31644 | High | 8.7 | 2025-05-07 | When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow a… |
CVE-2023-43746 | High | 8.7 | 2023-10-10 | When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP exte… |
CVE-2023-40537 | High | 8.1 | 2023-10-10 | An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION pl… |
CVE-2025-24320 | High | 8.0 | 2025-02-05 | A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript i… |
CVE-2024-31156 | High | 8.0 | 2024-05-08 | A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript… |
CVE-2023-43611 | High | 7.8 | 2023-10-10 | The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due… |
CVE-2025-61990 | High | 7.5 | 2025-10-15 | When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Softwa… |
CVE-2025-58071 | High | 7.5 | 2025-10-15 | When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions wh… |
CVE-2025-61951 | High | 7.5 | 2025-10-15 | Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2… |
CVE-2025-59781 | High | 7.5 | 2025-10-15 | When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization. Not… |
CVE-2025-58096 | High | 7.5 | 2025-10-15 | When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic M… |
CVE-2025-53856 | High | 7.5 | 2025-10-15 | When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Accelera… |