Vulnerabilities > F5 > BIG IP Access Policy Manager

DATE CVE VULNERABILITY TITLE RISK
2020-04-30 CVE-2020-5892 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.
local
low complexity
f5
6.7
2020-04-30 CVE-2020-5890 Information Exposure vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace.
local
low complexity
f5 CWE-200
5.5
2020-04-30 CVE-2020-5888 Unspecified vulnerability in F5 products
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for adjacent network (layer 2) attackers to access local daemons and bypass port lockdown settings.
low complexity
f5
8.1
2020-04-30 CVE-2020-5893 Cleartext Transmission of Sensitive Information vulnerability in F5 Big-Ip Access Policy Manager
In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.
network
high complexity
f5 CWE-319
3.7
2020-04-30 CVE-2020-5891 Unspecified vulnerability in F5 products
On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile.
network
low complexity
f5
7.5
2020-04-30 CVE-2020-5889 Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client.
network
low complexity
f5 CWE-79
5.4
2020-04-30 CVE-2020-5887 Exposure of Resource to Wrong Sphere vulnerability in F5 products
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings.
network
low complexity
f5 CWE-668
critical
9.1
2020-04-30 CVE-2020-5886 Cleartext Transmission of Sensitive Information vulnerability in F5 products
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel.
network
low complexity
f5 CWE-319
critical
9.1
2020-04-30 CVE-2020-5885 Cleartext Transmission of Sensitive Information vulnerability in F5 products
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel.
network
low complexity
f5 CWE-319
critical
9.1
2020-04-30 CVE-2020-5884 Unspecified vulnerability in F5 products
On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure.
network
low complexity
f5
critical
9.1