Vulnerabilities > F5 > BIG IP Access Policy Manager > 15.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-12 | CVE-2020-5896 | Incorrect Default Permissions vulnerability in F5 Big-Ip Access Policy Manager On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions. | 7.8 |
| 2020-04-30 | CVE-2020-5890 | Information Exposure vulnerability in F5 products On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace. | 5.5 |
| 2020-04-30 | CVE-2020-5888 | Unspecified vulnerability in F5 products On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for adjacent network (layer 2) attackers to access local daemons and bypass port lockdown settings. low complexity f5 | 8.1 |
| 2020-04-30 | CVE-2020-5891 | Unspecified vulnerability in F5 products On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile. | 7.5 |
| 2020-04-30 | CVE-2020-5889 | Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client. | 5.4 |
| 2020-04-30 | CVE-2020-5887 | Exposure of Resource to Wrong Sphere vulnerability in F5 products On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings. | 9.1 |
| 2020-04-30 | CVE-2020-5886 | Cleartext Transmission of Sensitive Information vulnerability in F5 products On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. | 9.1 |
| 2020-04-30 | CVE-2020-5885 | Cleartext Transmission of Sensitive Information vulnerability in F5 products On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. | 9.1 |
| 2020-04-30 | CVE-2020-5884 | Unspecified vulnerability in F5 products On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. | 9.1 |
| 2020-04-30 | CVE-2020-5881 | Unspecified vulnerability in F5 products On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up and in turn disrupting the communication between the mcpd and tmm processes. | 7.5 |