Vulnerabilities > F5 > BIG IP Access Policy Manager > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-20 | CVE-2017-6141 | Improper Input Validation vulnerability in F5 products In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). | 5.9 |
2017-09-18 | CVE-2017-6147 | Unspecified vulnerability in F5 products In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server. | 5.9 |
2017-06-09 | CVE-2016-7469 | Cross-site Scripting vulnerability in F5 products A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. | 5.4 |
2017-06-08 | CVE-2014-6031 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in F5 products Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterprise Manager 2.1.0 through 2.3.0 and 3.x before 3.1.1 HF5 allows remote authenticated administrators to cause a denial of service via unspecified vectors. | 4.9 |
2017-05-09 | CVE-2017-6137 | Unspecified vulnerability in F5 products In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations. | 5.9 |
2017-05-09 | CVE-2017-0302 | Range Error vulnerability in F5 Big-Ip Access Policy Manager In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters. | 5.3 |
2017-05-09 | CVE-2016-9257 | Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user. | 6.1 |
2017-04-11 | CVE-2016-7467 | Improper Input Validation vulnerability in F5 Big-Ip Access Policy Manager The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector. | 5.3 |
2017-03-27 | CVE-2016-7474 | Information Exposure vulnerability in F5 products In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information. | 5.5 |
2017-03-23 | CVE-2016-7468 | Improper Access Control vulnerability in F5 products An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. | 5.9 |