Vulnerabilities > F5 > BIG IP Access Policy Manager > High

DATE CVE VULNERABILITY TITLE RISK
2020-07-01 CVE-2020-5906 Incorrect Default Permissions vulnerability in F5 products
In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files.
network
low complexity
f5 CWE-276
8.1
2020-07-01 CVE-2020-5904 Cross-Site Request Forgery (CSRF) vulnerability in F5 products
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page.
network
low complexity
f5 CWE-352
8.8
2020-05-12 CVE-2020-5897 Use After Free vulnerability in F5 Big-Ip Access Policy Manager
In versions 7.1.5-7.1.9, there is a use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.
network
low complexity
f5 CWE-416
8.8
2020-05-12 CVE-2020-5896 Incorrect Default Permissions vulnerability in F5 Big-Ip Access Policy Manager
On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions.
local
low complexity
f5 CWE-276
7.8
2020-04-30 CVE-2020-5888 Unspecified vulnerability in F5 products
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for adjacent network (layer 2) attackers to access local daemons and bypass port lockdown settings.
low complexity
f5
8.1
2020-04-30 CVE-2020-5891 Unspecified vulnerability in F5 products
On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile.
network
low complexity
f5
7.5
2020-04-30 CVE-2020-5883 Memory Leak vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak.
network
low complexity
f5 CWE-401
7.5
2020-04-30 CVE-2020-5882 Unspecified vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5, and 11.6.1-11.6.5.1, under certain conditions, the Intel QuickAssist Technology (QAT) cryptography driver may produce a Traffic Management Microkernel (TMM) core file.
network
low complexity
f5
7.5
2020-04-30 CVE-2020-5881 Unspecified vulnerability in F5 products
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up, in turn disrupting the communication between the mcpd and tmm processes.
network
low complexity
f5
7.5
2020-04-30 CVE-2020-5880 Unrestricted Upload of File with Dangerous Type vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process may expose a way for attackers to upload arbitrary files on the BIG-IP system, bypassing the authorization system.
network
low complexity
f5 CWE-434
7.1