F5 BIG-IQ
20 CVEs affecting F5 BIG-IQ. Latest disclosed: 2026-05-13. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-41957 | High | 8.8 | 2026-05-13 | An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versio… |
| CVE-2026-42406 | High | 8.7 | 2026-05-13 | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify con… |
| CVE-2026-40698 | High | 8.7 | 2026-05-13 | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create… |
| CVE-2026-32643 | High | 8.7 | 2026-05-13 | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify con… |
| CVE-2026-20916 | High | 8.1 | 2026-05-13 | An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system… |
| CVE-2024-47139 | Medium | 6.8 | 2024-10-16 | A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administra… |
| CVE-2024-21782 | Medium | 6.7 | 2024-02-14 | BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (ba… |
| CVE-2026-42937 | Medium | 6.5 | 2026-05-13 | Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, and in BIG-IP iControl REST. These vulnerabi… |
| CVE-2026-41959 | Medium | 6.5 | 2026-05-13 | Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and in BIG-IP iControl REST. These vu… |
| CVE-2026-41219 | Medium | 6.5 | 2026-05-13 | An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView fi… |
| CVE-2022-41770 | Medium | 6.5 | 2022-10-19 | In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all ver… |
| CVE-2023-43485 | Medium | 5.5 | 2023-10-10 | When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which h… |
| CVE-2023-29240 | Medium | 5.4 | 2023-05-03 | An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software… |
| CVE-2026-41954 | Medium | 4.9 | 2026-05-13 | Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell (tmsh) command which may allow an authenticated… |
| CVE-2022-41694 | Medium | 4.9 | 2022-10-19 | In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and a… |
| CVE-2023-41964 | Medium | 4.3 | 2023-10-10 | The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End o… |
| CVE-2023-38419 | Medium | 4.3 | 2023-08-02 | An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software ver… |
| CVE-2019-6688 | | | 2019-12-23 | On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5 and BIG-IQ versions 6.0.0-6.1.0 and 5.2.0… |
| CVE-2019-6665 | | | 2019-11-27 | On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an… |
| CVE-2014-3220 | | | 2014-05-05 | F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a reques… |