Vulnerabilities > F5 > BIG IP Access Policy Manager

DATE CVE VULNERABILITY TITLE RISK
2020-04-30 CVE-2020-5888 Unspecified vulnerability in F5 products
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for adjacent network (layer 2) attackers to access local daemons and bypass port lockdown settings.
low complexity
f5
8.1
8.1
2020-04-30 CVE-2020-5893 Cleartext Transmission of Sensitive Information vulnerability in F5 Big-Ip Access Policy Manager
In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.
network
high complexity
f5 CWE-319
3.7
3.7
2020-04-30 CVE-2020-5891 Unspecified vulnerability in F5 products
On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile.
network
low complexity
f5
7.5
7.5
2020-04-30 CVE-2020-5889 Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client.
network
low complexity
f5 CWE-79
5.4
5.4
2020-04-30 CVE-2020-5887 Exposure of Resource to Wrong Sphere vulnerability in F5 products
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings.
network
low complexity
f5 CWE-668
critical
 9.1
9.1
2020-04-30 CVE-2020-5886 Cleartext Transmission of Sensitive Information vulnerability in F5 products
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel.
network
low complexity
f5 CWE-319
critical
 9.1
9.1
2020-04-30 CVE-2020-5885 Cleartext Transmission of Sensitive Information vulnerability in F5 products
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel.
network
low complexity
f5 CWE-319
critical
 9.1
9.1
2020-04-30 CVE-2020-5884 Unspecified vulnerability in F5 products
On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure.
network
low complexity
f5
critical
 9.1
9.1
2020-04-30 CVE-2020-5883 Memory Leak vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak.
network
low complexity
f5 CWE-401
7.5
7.5
2020-04-30 CVE-2020-5882 Unspecified vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5, and 11.6.1-11.6.5.1, under certain conditions, the Intel QuickAssist Technology (QAT) cryptography driver may produce a Traffic Management Microkernel (TMM) core file.
network
low complexity
f5
7.5
7.5