Vulnerabilities > F5 > BIG IP Access Policy Manager > 15.1.2

DATE CVE VULNERABILITY TITLE RISK
2021-03-31 CVE-2021-22990 Unspecified vulnerability in F5 products
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.
network
low complexity
f5
7.2
7.2
2021-03-31 CVE-2021-22989 Unspecified vulnerability in F5 products
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.
network
low complexity
f5
critical
 9.1
9.1
2021-03-31 CVE-2021-22987 Unspecified vulnerability in F5 products
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.
network
low complexity
f5
critical
 9.9
9.9
2021-03-31 CVE-2021-22988 Unspecified vulnerability in F5 products
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.
network
low complexity
f5
8.8
8.8
2021-03-31 CVE-2021-22986 Server-Side Request Forgery (SSRF) vulnerability in F5 products
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability.
network
low complexity
f5 CWE-918
critical
 9.8
9.8
2021-02-12 CVE-2021-22980 Untrusted Search Path vulnerability in F5 Big-Ip Access Policy Manager
In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory.
local
low complexity
f5 CWE-426
7.8
7.8
2021-02-12 CVE-2021-22975 Unspecified vulnerability in F5 products
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic.
network
low complexity
f5
7.5
7.5
2021-02-12 CVE-2021-22974 Race Condition vulnerability in F5 products
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level.
network
high complexity
f5 CWE-362
7.5
7.5
2021-02-12 CVE-2021-22973 Out-of-bounds Write vulnerability in F5 products
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes.
network
low complexity
f5 CWE-787
7.5
7.5