Vulnerabilities > F5 > BIG IP Application Security Manager > 11.5.1

DATE CVE VULNERABILITY TITLE RISK
2019-07-03 CVE-2019-6626 Cross-site Scripting vulnerability in F5 Big-Ip Advanced Firewall Manager
On BIG-IP (AFM, Analytics, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.3.4, A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the Configuration utility.
network
low complexity
f5 CWE-79
6.1
2019-07-03 CVE-2019-6625 Cross-site Scripting vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI) also known as the BIG-IP Configuration utility.
network
low complexity
f5 CWE-79
6.1
2019-07-02 CVE-2019-6622 Command Injection vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user.
network
low complexity
f5 CWE-77
7.2
2019-03-28 CVE-2019-6608 Memory Leak vulnerability in F5 products
On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests.
network
high complexity
f5 CWE-401
5.9
2019-03-28 CVE-2019-6607 Cross-Site Request Forgery (CSRF) vulnerability in F5 Big-Ip Application Security Manager
On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration utility.
network
low complexity
f5 CWE-352
6.8
2019-03-28 CVE-2019-6606 Memory Leak vulnerability in F5 products
On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, when processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of memory.
network
low complexity
f5 CWE-401
4.3
2019-03-28 CVE-2019-6605 Unspecified vulnerability in F5 products
On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service.
network
low complexity
f5
7.5
2019-03-28 CVE-2019-6604 Unspecified vulnerability in F5 products
On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed Bridge.
network
high complexity
f5
6.8
2019-03-28 CVE-2019-6603 Unspecified vulnerability in F5 products
In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service.
network
low complexity
f5
7.5
2019-03-28 CVE-2019-6602 Information Exposure Through Discrepancy vulnerability in F5 products
In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request.
network
low complexity
f5 CWE-203
7.5