F5 Big-ip_ssl_orchestrator
108 CVEs affecting F5 Big-ip_ssl_orchestrator. Latest disclosed: 2026-05-13. Critical: 2, High: 69.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-41373 | Critical | 9.9 | 2023-10-10 | A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP syst… |
| CVE-2023-46747 | Critical | 9.8 | 2023-10-26 | Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port… |
| CVE-2025-20029 | High | 8.8 | 2025-02-05 | Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitra… |
| CVE-2023-46748 | High | 8.8 | 2023-10-26 | An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the… |
| CVE-2021-23026 | High | 8.8 | 2021-09-14 | BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all vers… |
| CVE-2021-23025 | High | 8.8 | 2021-09-14 | On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execu… |
| CVE-2025-61958 | High | 8.7 | 2025-10-15 | A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions… |
| CVE-2025-59481 | High | 8.7 | 2025-10-15 | A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource adm… |
| CVE-2025-53868 | High | 8.7 | 2025-10-15 | When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using… |
| CVE-2025-31644 | High | 8.7 | 2025-05-07 | When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow a… |
| CVE-2023-43746 | High | 8.7 | 2023-10-10 | When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP exte… |
| CVE-2023-22374 | High | 8.5 | 2023-02-01 | A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arb… |
| CVE-2021-22978 | High | 8.3 | 2021-02-12 | On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed e… |
| CVE-2021-23012 | High | 8.2 | 2021-05-10 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the… |
| CVE-2023-40537 | High | 8.1 | 2023-10-10 | An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION pl… |
| CVE-2025-24320 | High | 8.0 | 2025-02-05 | A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript i… |
| CVE-2024-31156 | High | 8.0 | 2024-05-08 | A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript… |
| CVE-2023-43611 | High | 7.8 | 2023-10-10 | The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due… |
| CVE-2025-61990 | High | 7.5 | 2025-10-15 | When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Softwa… |
| CVE-2025-58071 | High | 7.5 | 2025-10-15 | When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions wh… |