Vulnerabilities in F5
404 resultsCVE-2022-28695HIGHOn F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versionEPSS 0.8%CVE-2022-27182MEDIUMOn F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, when BIG-IP packetEPSS 0.8%CVE-2020-5854—On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certaiEPSS 0.8%CVE-2019-6627—On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enfoEPSS 0.8%CVE-2022-27878MEDIUMOn all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions priEPSS 0.8%CVE-2019-6626—On BIG-IP (AFM, Analytics, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.3.4, A reflected cross-sitEPSS 0.8%CVE-2022-35735HIGHBIG-IP monitor configuration vulnerability CVE-2022-35735EPSS 0.8%CVE-2022-41741HIGHNGINX ngx_http_mp4_module vulnerability CVE-2022-41741EPSS 0.8%CVE-2022-26370MEDIUMOn F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session InitiEPSS 0.7%CVE-2022-29473MEDIUMOn F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an IPSec ALG prEPSS 0.7%CVE-2022-26517MEDIUMOn F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAEPSS 0.7%CVE-2022-28706MEDIUMOn F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior to 15.1.5.1, when the DNS resolver configuration is used, undisclosedEPSS 0.7%CVE-2022-1468MEDIUMOn all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at leasEPSS 0.7%CVE-2022-28708MEDIUMOn F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP DNS resolver-enabled, HTTP-Explicit or SEPSS 0.7%CVE-2025-23239HIGHBIG-IP iControl REST vulnerabilityEPSS 0.7%CVE-2026-42934MEDIUMNGINX ngx_http_charset_module vulnerabilityEPSS 0.7%CVE-2022-28859MEDIUMOn F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-iEPSS 0.7%CVE-2022-25990MEDIUMOn 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions whicEPSS 0.7%CVE-2019-6688—On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5 and BIG-IQ versions 6.EPSS 0.7%CVE-2022-28716HIGHOn 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5,EPSS 0.7%