Vulnerabilities > F5 > BIG IP Access Policy Manager

DATE CVE VULNERABILITY TITLE RISK
2018-10-31 CVE-2018-15326 Improper Certificate Validation vulnerability in F5 Big-Ip Access Policy Manager
In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List.
network
high complexity
f5 CWE-295
7.5
2018-10-31 CVE-2018-15325 Resource Exhaustion vulnerability in F5 products
In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands
network
low complexity
f5 CWE-400
4.3
2018-10-31 CVE-2018-15324 Improper Input Validation vulnerability in F5 Big-Ip Access Policy Manager
On BIG-IP APM 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, TMM may restart when processing a specially crafted request with APM portal access.
network
high complexity
f5 CWE-20
5.9
2018-10-31 CVE-2018-15323 Improper Input Validation vulnerability in F5 products
On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain circumstances, when processing traffic through a Virtual Server with an associated MQTT profile, the TMM process may produce a core file and take the configured HA action.
network
high complexity
f5 CWE-20
5.9
2018-10-31 CVE-2018-15322 Unspecified vulnerability in F5 products
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly.
network
low complexity
f5
6.5
2018-10-31 CVE-2018-15321 Improper Privilege Management vulnerability in F5 products
When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files.
network
low complexity
f5 CWE-269
4.9
2018-10-31 CVE-2018-15320 Unspecified vulnerability in F5 products
On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system.
network
low complexity
f5
7.5
2018-10-31 CVE-2018-15319 Improper Input Validation vulnerability in F5 products
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart.
network
low complexity
f5 CWE-20
7.5
2018-10-31 CVE-2018-15318 Improper Input Validation vulnerability in F5 products
In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after the closing procedure is complete.
network
low complexity
f5 CWE-20
7.5
2018-10-31 CVE-2018-15317 Unspecified vulnerability in F5 products
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors.
network
low complexity
f5
7.5