Vulnerabilities > F5 > BIG IP Application Security Manager > High

DATE CVE VULNERABILITY TITLE RISK
2017-12-21 CVE-2017-6133 Improper Input Validation vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service.
network
low complexity
f5 CWE-20
7.5
2017-12-21 CVE-2017-6132 Improper Input Validation vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart.
network
low complexity
f5 CWE-20
7.5
2017-10-27 CVE-2017-6157 Unspecified vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system.
network
high complexity
f5
8.1
2017-10-27 CVE-2017-0303 Incomplete Cleanup vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation.
network
low complexity
f5 CWE-459
7.5
2017-10-20 CVE-2017-6145 Insufficient Session Expiration vulnerability in F5 products
iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens.
network
low complexity
f5 CWE-613
7.3
2017-05-11 CVE-2016-7476 Improper Input Validation vulnerability in F5 products
The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic.
network
low complexity
f5 CWE-20
7.5
2017-05-10 CVE-2016-9250 Permissions, Privileges, and Access Controls vulnerability in F5 products
In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.
network
low complexity
f5 CWE-264
7.5
2017-05-09 CVE-2016-9256 Race Condition vulnerability in F5 products
In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request.
network
high complexity
f5 CWE-362
7.5
2017-05-09 CVE-2016-9253 Improper Input Validation vulnerability in F5 products
In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile.
network
low complexity
f5 CWE-20
7.5
2017-05-09 CVE-2016-9251 Permissions, Privileges, and Access Controls vulnerability in F5 products
In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.
network
low complexity
f5 CWE-264
8.8