- How many CVEs does F5 have?
- F5 has 1,039 published CVE records since 2002, including 160 in the last two years.
- How many F5 CVEs are in CISA KEV?
- Yes — 13 of F5's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which F5 products have the most CVEs?
- The F5 products with the most published CVEs are big-ip_access_policy_manager, big-ip application security manager, big-ip advanced firewall manager, big-ip local traffic manager, big-ip policy enforcement manager.
- What are the most common weakness types in F5 CVEs?
- F5's CVEs most often map to these CWE weakness types: CWE-400 (Uncontrolled Resource Consumption), CWE-476 (NULL Pointer Dereference), CWE-20 (Improper Input Validation), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).
- Are there public exploits for F5 vulnerabilities?
- Yes — 68 of F5's CVEs have a known public exploit.
- How many critical F5 vulnerabilities are there?
- F5 has 84 critical and 576 high-severity CVEs.
- What is the average severity of F5 CVEs?
- The average CVSS base score across F5's scored CVEs is 7.1.