K35253541 doubts

Right now there is no fix. No version to upgrade to.

The vulnerabilities are usually for the device itself.

So management interface is affected. 

But you can use self-ip also to manage the device. And that go through tmm.

look at the self-ip port-lockdown option. if is set to default it means it allows a bunch of ports, including https.

https://support.f5.com/csp/article/K17333

you might want to choose none and use only management interface for administrative stuff.

K35253541 - java vulnerability come under tmm affected or mgmt- interface affected