Vulnerabilities > F5 > BIG IP Policy Enforcement Manager > 14.1.0.3.0.97.6

DATE CVE VULNERABILITY TITLE RISK
2019-09-25 CVE-2019-6651 Information Exposure Through Discrepancy vulnerability in F5 products
In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request.
network
low complexity
f5 CWE-203
5.3
5.3
2019-07-03 CVE-2019-6640 Cleartext Transmission of Sensitive Information vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, SNMP exposes sensitive configuration objects over insecure transmission channels.
network
low complexity
f5 CWE-319
5.3
5.3
2019-07-03 CVE-2019-6639 Cross-site Scripting vulnerability in F5 Big-Ip Advanced Firewall Manager
On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting (XSS) issue.
network
low complexity
f5 CWE-79
4.8
4.8
2019-07-03 CVE-2019-6638 Infinite Loop vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process.
network
low complexity
f5 CWE-835
6.5
6.5
2019-07-03 CVE-2019-6635 Unspecified vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, when the BIG-IP system is licensed for Appliance mode, a user with either the Administrator or the Resource Administrator role can bypass Appliance mode restrictions.
local
low complexity
f5
4.4
4.4
2019-07-03 CVE-2019-6634 Unspecified vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in restjavad process.
network
low complexity
f5
4.0
4.0
2019-07-03 CVE-2019-6632 Cryptographic Issues vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness.
local
low complexity
f5 CWE-310
2.1
2.1
2019-07-03 CVE-2019-6633 Unspecified vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions.
local
low complexity
f5
4.4
4.4
2019-07-03 CVE-2019-6629 Unspecified vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart.
network
low complexity
f5
7.5
7.5
2019-07-03 CVE-2019-6628 Unspecified vulnerability in F5 Big-Ip Policy Enforcement Manager
On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain conditions, the TMM process may terminate and restart while processing BIG-IP PEM traffic with the OpenVPN classifier.
network
low complexity
f5
5.0
5.0