Vulnerabilities > F5 > BIG IP Access Policy Manager > 12.1.5

DATE CVE VULNERABILITY TITLE RISK
2020-05-12 CVE-2020-5897 Use After Free vulnerability in F5 Big-Ip Access Policy Manager
In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.
network
low complexity
f5 CWE-416
8.8
8.8
2020-05-12 CVE-2020-5896 Incorrect Default Permissions vulnerability in F5 Big-Ip Access Policy Manager
On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions.
local
low complexity
f5 CWE-276
7.8
7.8
2020-04-30 CVE-2020-5892 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.
local
low complexity
f5
6.7
6.7
2020-04-30 CVE-2020-5890 Information Exposure vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace.
local
low complexity
f5 CWE-200
5.5
5.5
2020-04-30 CVE-2020-5893 Cleartext Transmission of Sensitive Information vulnerability in F5 Big-Ip Access Policy Manager
In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.
network
high complexity
f5 CWE-319
3.7
3.7
2020-04-30 CVE-2020-5886 Cleartext Transmission of Sensitive Information vulnerability in F5 products
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel.
network
low complexity
f5 CWE-319
critical
 9.1
9.1
2020-04-30 CVE-2020-5885 Cleartext Transmission of Sensitive Information vulnerability in F5 products
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel.
network
low complexity
f5 CWE-319
critical
 9.1
9.1
2020-04-30 CVE-2020-5884 Unspecified vulnerability in F5 products
On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure.
network
low complexity
f5
critical
 9.1
9.1
2020-04-30 CVE-2020-5882 Unspecified vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5, and 11.6.1-11.6.5.1, under certain conditions, the Intel QuickAssist Technology (QAT) cryptography driver may produce a Traffic Management Microkernel (TMM) core file.
network
low complexity
f5
7.5
7.5
2020-04-30 CVE-2020-5877 Unspecified vulnerability in F5 products
On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, malformed input to the DATAGRAM::tcp iRules command within a FLOW_INIT event may lead to a denial of service.
network
low complexity
f5
7.5
7.5