Vulnerabilities in F5

404 results
Vexday Analysis

With 404 catalogued CVEs and an active exploitation rate 2.2 times above the overall average of the CISA KEV catalog, F5 products demand extra attention when prioritizing fixes. The most critical highlight is CVE-2022-1388, with an EPSS score of 0.9996, indicating an extremely high probability of active exploitation, which makes it an immediate remediation priority. The presence of 8 CVEs with a public PoC and 9 of critical severity widens the exploitable risk surface, especially given that 59 new vulnerabilities emerged in the last 90 days, signaling a significant pace of recent discoveries. The most common flaw type, CWE-476 (null pointer dereference), suggests opportunities for structural improvement in the secure development lifecycle, although confirmed exploitation tends to concentrate on access control and remote execution flaws.

CVE-2025-41414 | HIGH | BIG-IP HTTP/2 vulnerability | EPSS 0.4%
CVE-2025-55669 | HIGH | BIG-IP HTTP/2 vulnerability | EPSS 0.4%
CVE-2023-22418 | MEDIUM | BIG-IP APM virtual server vulnerability | EPSS 0.3%
CVE-2025-47150 | HIGH | F5OS SNMP vulnerability | EPSS 0.3%
CVE-2019-6633 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with App | EPSS 0.3%
CVE-2024-23979 | HIGH | BIG-IP SSL Client Certificate LDAP and CRLDP Authentication profiles vulnerability | EPSS 0.3%
CVE-2025-59483 | HIGH | BIG-IP Configuration utility and tmsh vulnerability | EPSS 0.3%
CVE-2025-58071 | HIGH | BIG-IP IPSec vulnerability | EPSS 0.3%
CVE-2026-1642 | HIGH | NGINX vulnerability | EPSS 0.3%
CVE-2026-42926 | MEDIUM | NGINX ngx_http_proxy_v2_module vulnerability | EPSS 0.3%
CVE-2024-10318 | MEDIUM | NGINX OpenID Connect Vulnerability | EPSS 0.3%
CVE-2023-38138 | HIGH | BIG-IP Configuration utility vulnerability | EPSS 0.3%
CVE-2025-59478 | HIGH | BIG-IP AFM DoS protection profile vulnerability | EPSS 0.3%
CVE-2026-32647 | HIGH | NGINX ngx_http_mp4_module vulnerability | EPSS 0.3%
CVE-2020-5855 | When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have phy | EPSS 0.3%
CVE-2022-27495 | MEDIUM | On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software | EPSS 0.3%
CVE-2022-1389 | LOW | On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vu | EPSS 0.3%
CVE-2026-40060 | HIGH | BIG-IP Advanced WAF and ASM vulnerability | EPSS 0.3%
CVE-2026-40067 | HIGH | BIG-IP APM Vulnerability | EPSS 0.3%
CVE-2026-40629 | HIGH | BIG-IP SSL/TLS vulnerability | EPSS 0.3%