Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2022-26890

On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Session Awareness, and the "Use APM Username and Session ID" option is enabled, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

  • Published: May 5, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-26890
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

Software From Fixed in
f5 / big-ip_access_policy_manager 13.1.0 13.1.0.x
f5 / big-ip_application_security_manager 13.1.0 13.1.0.x
f5 / big-ip_access_policy_manager 14.1.0 14.1.0.x
f5 / big-ip_application_security_manager 14.1.0 14.1.0.x
f5 / big-ip_application_security_manager 15.1.0 15.1.0.x
f5 / big-ip_access_policy_manager 15.1.0 15.1.0.x
f5 / big-ip_advanced_web_application_firewall 15.1.0 15.1.0.x
f5 / big-ip_access_policy_manager 14.1.4 14.1.4.x
f5 / big-ip_advanced_web_application_firewall 14.1.4 14.1.4.x
f5 / big-ip_application_security_manager 14.1.4 14.1.4.x
f5 / big-ip_advanced_web_application_firewall 16.1.0 16.1.0.x
f5 / big-ip_access_policy_manager 16.1.0 16.1.0.x
f5 / big-ip_application_security_manager 16.1.0 16.1.0.x
f5 / big-ip_access_policy_manager 16.1.2 16.1.2.x
f5 / big-ip_access_policy_manager 16.1.1 16.1.1.x
f5 / big-ip_access_policy_manager 15.1.5 15.1.5.x
f5 / big-ip_access_policy_manager 15.1.4 15.1.4.x
f5 / big-ip_access_policy_manager 15.1.3 15.1.3.x
f5 / big-ip_access_policy_manager 15.1.2 15.1.2.x
f5 / big-ip_access_policy_manager 15.1.1 15.1.1.x
f5 / big-ip_access_policy_manager 14.1.3 14.1.3.x
f5 / big-ip_access_policy_manager 14.1.2 14.1.2.x
f5 / big-ip_access_policy_manager 13.1.5 13.1.5.x
f5 / big-ip_access_policy_manager 13.1.4 13.1.4.x
f5 / big-ip_access_policy_manager 13.1.3 13.1.3.x
f5 / big-ip_access_policy_manager 13.1.1 13.1.1.x
f5 / big-ip_application_security_manager 16.1.2 16.1.2.x
f5 / big-ip_application_security_manager 16.1.1 16.1.1.x
f5 / big-ip_application_security_manager 15.1.5 15.1.5.x
f5 / big-ip_application_security_manager 15.1.4 15.1.4.x
f5 / big-ip_application_security_manager 15.1.3 15.1.3.x
f5 / big-ip_application_security_manager 15.1.2 15.1.2.x
f5 / big-ip_application_security_manager 15.1.1 15.1.1.x
f5 / big-ip_application_security_manager 14.1.3 14.1.3.x
f5 / big-ip_application_security_manager 14.1.2 14.1.2.x
f5 / big-ip_application_security_manager 13.1.5 13.1.5.x
f5 / big-ip_application_security_manager 13.1.4 13.1.4.x
f5 / big-ip_application_security_manager 13.1.3 13.1.3.x
f5 / big-ip_application_security_manager 13.1.1 13.1.1.x
f5 / big-ip_advanced_web_application_firewall 13.1.3 13.1.3.x
f5 / big-ip_advanced_web_application_firewall 16.1.2 16.1.2.x
f5 / big-ip_advanced_web_application_firewall 16.1.1 16.1.1.x
f5 / big-ip_advanced_web_application_firewall 15.1.5 15.1.5.x
f5 / big-ip_advanced_web_application_firewall 15.1.4 15.1.4.x
f5 / big-ip_advanced_web_application_firewall 15.1.3 15.1.3.x
f5 / big-ip_advanced_web_application_firewall 15.1.2 15.1.2.x
f5 / big-ip_advanced_web_application_firewall 15.1.1 15.1.1.x
f5 / big-ip_advanced_web_application_firewall 14.1.3 14.1.3.x
f5 / big-ip_advanced_web_application_firewall 14.1.2 14.1.2.x
f5 / big-ip_advanced_web_application_firewall 14.1.0 14.1.0.x
f5 / big-ip_advanced_web_application_firewall 13.1.5 13.1.5.x
f5 / big-ip_advanced_web_application_firewall 13.1.4 13.1.4.x
f5 / big-ip_advanced_web_application_firewall 13.1.1 13.1.1.x
f5 / big-ip_advanced_web_application_firewall 13.1.0 13.1.0.x