Vulnerabilities > F5 > BIG IP Access Policy Manager > 14.0.0.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-05 | CVE-2019-6591 | Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. | 5.4 |
| 2018-12-28 | CVE-2018-15334 | Cross-Site Request Forgery (CSRF) vulnerability in F5 Big-Ip Access Policy Manager A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication. | 4.3 |
| 2018-12-28 | CVE-2018-15333 | Unrestricted Upload of File with Dangerous Type vulnerability in F5 products On versions 11.2.1. | 5.5 |
| 2018-09-06 | CVE-2018-5391 | Improper Input Validation vulnerability in multiple products The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. | 7.5 |
| 2018-07-06 | CVE-2018-13405 | Improper Privilege Management vulnerability in multiple products The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. | 7.8 |