F5 Big-ip Wan Optimization Manager — known CVE vulnerabilities
Every CVE whose affected-product data names F5 Big-ip Wan Optimization Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2016-5022 — CVSS 9.8 (critical): F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before…
CVE-2014-2927 — CVSS 9.3 (critical): The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before…
CVE-2013-0150 — CVSS 9.3 (critical): Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4…
CVE-2011-3188 — CVSS 9.1 (critical): The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and…
CVE-2015-3628 — CVSS 9.0 (critical): The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0…
CVE-2012-3163 — CVSS 9.0 (critical): Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote…
CVE-2015-7394 — CVSS 9.0 (critical): The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before…
CVE-2016-5020 — CVSS 8.8 (high): F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration…
CVE-2015-4047 — CVSS 7.8 (high): racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash)…
CVE-2014-0101 — CVSS 7.8 (high): The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and…
CVE-2013-6016 — CVSS 7.8 (high): The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and…
CVE-2015-8022 — CVSS 7.5 (high): The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before…
CVE-2012-3000 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link…
CVE-2016-6876 — CVSS 7.5 (high): The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before…
CVE-2016-5736 — CVSS 7.5 (high): The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16…
CVE-2016-5023 — CVSS 7.5 (high): Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and…
CVE-2015-5516 — CVSS 7.5 (high): Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and Link Controller 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1…
CVE-2016-2084 — CVSS 7.4 (high): F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build…
CVE-2015-7393 — CVSS 7.4 (high): dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through…
CVE-2014-2928 — CVSS 7.1 (high): The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM…
CVE-2015-6546 — CVSS 6.1 (medium): The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP…
CVE-2014-4024 — CVSS 5.9 (medium): SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1…
CVE-2015-8099 — CVSS 5.9 (medium): F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before…
CVE-2013-3587 — CVSS 5.9 (medium): The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the…
CVE-2014-6032 — CVSS 5.5 (medium): Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0…
CVE-2016-7469 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics…
CVE-2014-5209 — CVSS 5.3 (medium): An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could…
CVE-2016-1497 — CVSS 4.9 (medium): The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before…
CVE-2014-6031 — CVSS 4.9 (medium): Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9…
CVE-2014-3959 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link…
CVE-2014-8730 — CVSS 4.3 (medium): The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM…
CVE-2014-4023 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link…
CVE-2015-8021 — CVSS 4.3 (medium): Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x…
CVE-2015-4040 — CVSS 4.0 (medium): Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows…
CVE-2014-4027 — CVSS 2.3 (low): The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a…