Vulnerabilities > F5 > BIG IP Domain Name System > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-26 | CVE-2020-5916 | Improper Privilege Management vulnerability in F5 products In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory. | 6.8 |
2020-08-26 | CVE-2020-5915 | Cross-site Scripting vulnerability in F5 products In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are setup in a device trust. | 6.1 |
2020-07-01 | CVE-2020-5905 | Cross-site Scripting vulnerability in F5 products In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display. | 4.3 |
2020-07-01 | CVE-2020-5903 | Cross-site Scripting vulnerability in F5 products In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. | 6.1 |
2020-04-30 | CVE-2020-5890 | Information Exposure vulnerability in F5 products On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace. | 5.5 |
2020-02-06 | CVE-2020-5854 | Unspecified vulnerability in F5 products On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made. | 5.9 |
2020-01-14 | CVE-2020-5851 | Unspecified vulnerability in F5 products On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. low complexity f5 | 4.6 |
2020-01-08 | CVE-2014-5209 | Information Exposure vulnerability in multiple products An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. | 5.3 |
2019-12-23 | CVE-2019-19151 | Improper Privilege Management vulnerability in F5 products On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. | 5.5 |
2019-12-23 | CVE-2019-6688 | Unspecified vulnerability in F5 products On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5 and BIG-IQ versions 6.0.0-6.1.0 and 5.2.0-5.4.0, a user is able to obtain the secret that was being used to encrypt a BIG-IP UCS backup file while sending SNMP query to the BIG-IP or BIG-IQ system, however the user can not access to the UCS files. | 4.3 |