Security Advisory Description On May 8, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can watch the May 2024 Quarterly Security Notification briefing by DevCentral in the following video: High CVEs Medium CVEs Security Exposures High CVEs Article (CVE)| CVSS score| Affected products| Affected versions1| Fixes introduced in —|—|—|—|— K000138636: BIG-IP Configuration utility XSS vulnerability CVE-2024-31156| 8.0| BIG-IP (all modules)| 17.1.0 – 17.1.1 16.1.0 – 16.1.4 15.1.0 – 15.1.10| 17.1.1.3 16.1.4.3 15.1.10.4 K000138732: BIG-IP Next Central Manager OData Injection vulnerability CVE-2024-21793| 7.5| BIG-IP Next Central Manager| 20.0.1 – 20.1.0| 20.2.0 K000138733: BIG-IP Next Central Manager SQL Injection vulnerability CVE-2024-26026| 7.5| BIG-IP Next Central Manager| 20.0.1 – 20.1.0| 20.2.0 K000138728: BIG-IP IPsec vulnerability CVE-2024-33608| 7.5| BIG-IP (all modules)| 17.1.0| 17.1.1 K000139037: TMM vulnerability CVE-2024-25560| 7.5| BIG-IP (AFM)| 17.1.0 16.1.0 – 16.1.3 15.1.0 – 15.1.10| 17.1.1 16.1.4 BIG-IP Next CNF| 1.1.0 – 1.1.1| 1.2.0 K000138634: BIG-IP Next Central Manager vulnerability CVE-2024-32049| 7.4| BIG-IP Next Central Manager| 20.0.1 – 20.0.2| 20.1.0 K000138744: BIG-IP APM browser network access VPN client vulnerability…Read More