Vulnerabilities > F5 > BIG IP Application Security Manager > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-11-26 CVE-2019-6675 Improper Authentication vulnerability in F5 products
BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass.
network
low complexity
f5 CWE-287
critical
9.8
2019-09-20 CVE-2019-6649 Unspecified vulnerability in F5 products
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.
network
low complexity
f5
critical
9.1
2019-09-20 CVE-2019-6650 Unspecified vulnerability in F5 Big-Ip Application Security Manager
F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings.
network
low complexity
f5
critical
9.1
2019-09-04 CVE-2019-6644 Unspecified vulnerability in F5 products
Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked.
network
low complexity
f5
critical
9.4
2019-07-26 CVE-2019-10744 Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution.
network
low complexity
lodash netapp redhat oracle f5
critical
9.1
2019-04-15 CVE-2019-6609 Insufficiently Protected Credentials vulnerability in F5 products
Platform dependent weakness.
network
low complexity
f5 CWE-522
critical
9.8
2019-02-26 CVE-2019-6592 Improper Certificate Validation vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL certificates in client SSL or server SSL profiles.
network
low complexity
f5 CWE-295
critical
9.1
2018-04-13 CVE-2018-5506 Unspecified vulnerability in F5 products
In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices.
network
low complexity
f5
critical
9.8
2017-10-20 CVE-2017-6165 Information Exposure Through Log Files vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file.
network
low complexity
f5 CWE-532
critical
9.8
2017-05-23 CVE-2017-6131 Use of Hard-coded Credentials vulnerability in F5 products
In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system.
network
low complexity
f5 CWE-798
critical
9.8