CVE Database · CVE-2022-1388
CVSS v3.1
9.8
EPSS
99.96%
Published
May 5, 2022
Modified
Oct 27, 2025
CISA Known Exploited Vulnerability
Added: 2022-05-10 · Due: 2022-05-31
Apply updates per vendor instructions.
Public PoC / Exploit (11)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWeaknesses (CWE)
Affected Products (66)
References (11)
...and 16 more