Vulnerabilities > F5 > BIG IP Policy Enforcement Manager > 12.1.3.1

DATE CVE VULNERABILITY TITLE RISK
2018-07-25 CVE-2018-5530 Resource Exhaustion vulnerability in F5 products
F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb".
network
low complexity
f5 CWE-400
7.5
7.5
2018-07-19 CVE-2018-5534 Improper Input Validation vulnerability in F5 products
Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.
network
low complexity
f5 CWE-20
7.5
7.5
2018-04-13 CVE-2018-5506 Unspecified vulnerability in F5 products
In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices.
network
low complexity
f5
critical
 9.8
9.8
2018-03-22 CVE-2018-5509 Improper Input Validation vulnerability in F5 products
On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service.
network
low complexity
f5 CWE-20
7.5
7.5
2018-03-22 CVE-2018-5504 Unspecified vulnerability in F5 products
In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1.
network
high complexity
f5
8.1
8.1
2018-03-22 CVE-2018-5503 Improper Input Validation vulnerability in F5 Big-Ip Policy Enforcement Manager
On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action.
network
low complexity
f5 CWE-20
7.5
7.5
2018-03-01 CVE-2018-5500 Resource Exhaustion vulnerability in F5 products
On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory.
network
high complexity
f5 CWE-400
5.9
5.9
2018-03-01 CVE-2017-6150 Improper Input Validation vulnerability in F5 products
Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).
network
low complexity
f5 CWE-20
7.5
7.5