Vulnerabilities > F5 > BIG IP Analytics > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-25 CVE-2018-5542 Improper Input Validation vulnerability in F5 products
F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server.
network
high complexity
f5 CWE-20
8.1
2018-07-25 CVE-2018-5531 Improper Input Validation vulnerability in F5 products
Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems.
low complexity
f5 CWE-20
7.4
2018-07-25 CVE-2018-5530 Resource Exhaustion vulnerability in F5 products
F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb".
network
low complexity
f5 CWE-400
7.5
2018-07-19 CVE-2018-5535 Improper Input Validation vulnerability in F5 products
On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of Service.
network
low complexity
f5 CWE-20
7.5
2018-07-19 CVE-2018-5534 Improper Input Validation vulnerability in F5 products
Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.
network
low complexity
f5 CWE-20
7.5
2018-07-19 CVE-2018-5533 Improper Input Validation vulnerability in F5 products
Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.
network
low complexity
f5 CWE-20
7.5
2018-07-06 CVE-2018-13405 Improper Privilege Management vulnerability in multiple products
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group.
7.8
2018-06-27 CVE-2018-5527 Missing Release of Resource after Effective Lifetime vulnerability in F5 products
On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory.
network
low complexity
f5 CWE-772
7.5
2018-06-01 CVE-2018-5523 Unspecified vulnerability in F5 products
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
network
low complexity
f5
7.2
2018-06-01 CVE-2018-5513 Improper Input Validation vulnerability in F5 products
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service.
network
low complexity
f5 CWE-20
7.5