|
|
F5 : Security Vulnerabilities (CVSS score between 3 and 3.99)
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-6633 |
|
|
Bypass |
2019-07-03 |
2020-08-24 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions. |
|
2 |
CVE-2019-6635 |
|
|
Bypass |
2019-07-03 |
2020-08-24 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, when the BIG-IP system is licensed for Appliance mode, a user with either the Administrator or the Resource Administrator role can bypass Appliance mode restrictions. |
|
3 |
CVE-2019-6679 |
59 |
|
|
2019-12-23 |
2020-01-02 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted. |
|
4 |
CVE-2020-5912 |
20 |
|
|
2020-08-26 |
2021-07-21 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files. |
|
5 |
CVE-2016-5236 |
79 |
|
XSS |
2019-07-01 |
2019-07-02 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature. |
|
6 |
CVE-2016-7467 |
20 |
|
|
2017-04-11 |
2017-07-12 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector. |
|
7 |
CVE-2016-7469 |
79 |
|
XSS |
2017-06-09 |
2019-06-06 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable. |
|
8 |
CVE-2017-0302 |
118 |
|
|
2017-05-09 |
2017-07-08 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters. |
|
9 |
CVE-2018-5520 |
863 |
|
|
2018-05-02 |
2020-08-24 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources. |
|
10 |
CVE-2018-5528 |
20 |
|
|
2018-06-27 |
2018-08-31 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-IP 13.0.1 or 13.1.0.4-13.1.0.7. |
|
11 |
CVE-2019-6591 |
79 |
|
XSS |
2019-02-05 |
2019-02-06 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. |
|
12 |
CVE-2019-6639 |
79 |
|
XSS |
2019-07-03 |
2019-07-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting (XSS) issue. This is a control plane issue only and is not accessible from the data plane. The attack requires a malicious resource administrator to store the XSS. |
|
13 |
CVE-2019-6653 |
79 |
|
XSS |
2019-09-25 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles. |
|
14 |
CVE-2019-19150 |
532 |
|
|
2019-12-23 |
2019-12-30 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled. |
|
15 |
CVE-2020-5853 |
79 |
|
XSS |
2020-01-14 |
2020-01-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict. |
|
16 |
CVE-2020-5889 |
79 |
|
XSS |
2020-04-30 |
2020-05-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client. |
|
17 |
CVE-2020-5932 |
79 |
|
Exec Code XSS |
2020-10-29 |
2020-11-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when preview is opened. |
|
18 |
CVE-2020-5940 |
79 |
|
XSS |
2020-11-05 |
2020-11-12 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. |
|
19 |
CVE-2020-27722 |
400 |
|
|
2020-12-24 |
2020-12-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain conditions, the VDI plugin does not observe plugin flow-control protocol causing excessive resource consumption. |
|
20 |
CVE-2020-27725 |
772 |
|
|
2020-12-24 |
2021-07-21 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
In version 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 of BIG-IP DNS, GTM, and Link Controller, zxfrd leaks memory when listing DNS zones. Zones can be listed via TMSH, iControl or SNMP; only users with access to those services can trigger this vulnerability. |
|
21 |
CVE-2021-22983 |
79 |
|
XSS |
2021-02-12 |
2021-02-18 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
|
22 |
CVE-2021-23038 |
79 |
|
XSS |
2021-09-14 |
2021-09-27 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
23 |
CVE-2021-23046 |
532 |
|
|
2021-09-14 |
2021-09-24 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
24 |
CVE-2022-27662 |
1336 |
|
|
2022-05-05 |
2022-05-13 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
|
25 |
CVE-2022-27880 |
79 |
|
XSS |
2022-05-05 |
2022-05-12 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
|
26 |
CVE-2022-28707 |
79 |
|
XSS |
2022-05-05 |
2022-05-12 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (also referred to as the BIG-IP TMUI) that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
|
27 |
CVE-2017-6134 |
20 |
|
|
2017-12-21 |
2018-01-12 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash. |
|
28 |
CVE-2019-6654 |
20 |
|
|
2019-09-25 |
2019-09-26 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
|
On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses. |
|
29 |
CVE-2020-5888 |
|
|
Bypass |
2020-04-30 |
2020-05-06 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for adjacent network (layer 2) attackers to access local daemons and bypass port lockdown settings. |
|
30 |
CVE-2020-5928 |
352 |
|
CSRF |
2020-08-26 |
2020-09-02 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, BIG-IP ASM Configuration utility CSRF protection token can be reused multiple times. |
|
31 |
CVE-2020-5934 |
|
|
|
2020-10-29 |
2020-11-09 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted. |
|
32 |
CVE-2022-27495 |
306 |
|
|
2022-05-05 |
2022-05-13 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
|
On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
Total number of vulnerabilities : 32
Page :
1
(This Page)
|
|
