Big-ip afm

This hub aggregates every CVE we track for Big-ip afm, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Networking Infrastructureon-premnetwork device

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM6HIGH5

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 11 most recently published vulnerabilities affecting Big-ip afm.

CVE-2025-24312BIG-IP AFM vulnerability7.5Feb 5, 2025
CVE-2022-41806BIG-IP AFM NAT64 Policy Vulnerability CVE-2022-418067.5Oct 19, 2022
CVE-2022-28695On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high pr...7.2May 5, 2022
CVE-2019-6672On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BI...7.5Nov 27, 2019
CVE-2019-6658On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack.4.3Nov 1, 2019
CVE-2018-15313On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page.6.1Oct 19, 2018
CVE-2018-15314On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page.6.1Oct 19, 2018
CVE-2017-6142X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and t...4.8Jan 19, 2018
CVE-2017-0304A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact...5.4Dec 21, 2017
CVE-2017-6166In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing frag...5.9Nov 22, 2017
CVE-2017-6168On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may...7.4Nov 17, 2017

Product normalization is registry-driven with AI assist and human review. How it works