Vulnerabilities > F5 > BIG IP Advanced Firewall Manager
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-26 | CVE-2019-10744 | Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. | 9.1 |
2019-07-03 | CVE-2019-6641 | Unspecified vulnerability in F5 products On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl REST processes to crash. | 6.5 |
2019-07-03 | CVE-2019-6640 | Cleartext Transmission of Sensitive Information vulnerability in F5 products On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, SNMP exposes sensitive configuration objects over insecure transmission channels. | 5.3 |
2019-07-03 | CVE-2019-6639 | Cross-site Scripting vulnerability in F5 Big-Ip Advanced Firewall Manager On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting (XSS) issue. | 4.8 |
2019-07-03 | CVE-2019-6638 | Infinite Loop vulnerability in F5 products On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process. | 6.5 |
2019-07-03 | CVE-2019-6636 | Cross-site Scripting vulnerability in F5 Big-Ip Advanced Firewall Manager On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. | 8.4 |
2019-07-03 | CVE-2019-6635 | Unspecified vulnerability in F5 products On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, when the BIG-IP system is licensed for Appliance mode, a user with either the Administrator or the Resource Administrator role can bypass Appliance mode restrictions. | 4.4 |
2019-07-03 | CVE-2019-6634 | Unspecified vulnerability in F5 products On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in restjavad process. | 6.5 |
2019-07-03 | CVE-2019-6632 | Use of Insufficiently Random Values vulnerability in F5 products On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. | 5.5 |
2019-07-03 | CVE-2019-6633 | Unspecified vulnerability in F5 products On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions. | 4.4 |