Vulnerabilities > F5 > BIG IP Advanced Firewall Manager

DATE CVE VULNERABILITY TITLE RISK
2019-09-04 CVE-2019-6643 Unspecified vulnerability in F5 products
On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the TMM process to produce a core file.
network
low complexity
f5
7.5
7.5
2019-09-04 CVE-2019-6647 Memory Leak vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory.
network
low complexity
f5 CWE-401
5.3
5.3
2019-09-04 CVE-2019-6644 Unspecified vulnerability in F5 products
Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked.
network
low complexity
f5
critical
 9.4
9.4
2019-09-04 CVE-2019-6645 Unspecified vulnerability in F5 products
On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured may lead to a TMM crash causing the configured HA action to be taken.
network
low complexity
f5
7.5
7.5
2019-07-26 CVE-2019-10744 Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution.
network
low complexity
lodash netapp redhat oracle f5
critical
 9.1
9.1
2019-07-03 CVE-2019-6641 Unspecified vulnerability in F5 products
On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl REST processes to crash.
network
low complexity
f5
6.5
6.5
2019-07-03 CVE-2019-6640 Cleartext Transmission of Sensitive Information vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, SNMP exposes sensitive configuration objects over insecure transmission channels.
network
low complexity
f5 CWE-319
5.3
5.3
2019-07-03 CVE-2019-6639 Cross-site Scripting vulnerability in F5 Big-Ip Advanced Firewall Manager
On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting (XSS) issue.
network
low complexity
f5 CWE-79
4.8
4.8
2019-07-03 CVE-2019-6638 Infinite Loop vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process.
network
low complexity
f5 CWE-835
6.5
6.5
2019-07-03 CVE-2019-6636 Cross-site Scripting vulnerability in F5 Big-Ip Advanced Firewall Manager
On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list.
network
low complexity
f5 CWE-79
8.4
8.4