Vulnerabilities > F5 > BIG IP Policy Enforcement Manager > 15.1.0

DATE CVE VULNERABILITY TITLE RISK
2020-04-30 CVE-2020-5891 Unspecified vulnerability in F5 products
On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile.
network
low complexity
f5
7.5
7.5
2020-04-30 CVE-2020-5887 Exposure of Resource to Wrong Sphere vulnerability in F5 products
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings.
network
low complexity
f5 CWE-668
critical
 9.1
9.1
2020-04-30 CVE-2020-5886 Cleartext Transmission of Sensitive Information vulnerability in F5 products
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel.
network
low complexity
f5 CWE-319
critical
 9.1
9.1
2020-04-30 CVE-2020-5885 Cleartext Transmission of Sensitive Information vulnerability in F5 products
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel.
network
low complexity
f5 CWE-319
critical
 9.1
9.1
2020-04-30 CVE-2020-5884 Unspecified vulnerability in F5 products
On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure.
network
low complexity
f5
critical
 9.1
9.1
2020-04-30 CVE-2020-5881 Unspecified vulnerability in F5 products
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up and in turn disrupting the communication between the mcpd and tmm processes.
network
low complexity
f5
7.5
7.5
2020-04-30 CVE-2020-5878 Unspecified vulnerability in F5 products
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.3, Traffic Management Microkernel (TMM) may restart on BIG-IP Virtual Edition (VE) while processing unusual IP traffic.
network
low complexity
f5
7.5
7.5
2020-04-30 CVE-2020-5877 Unspecified vulnerability in F5 products
On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, malformed input to the DATAGRAM::tcp iRules command within a FLOW_INIT event may lead to a denial of service.
network
low complexity
f5
7.5
7.5
2020-04-30 CVE-2020-5876 Cleartext Transmission of Sensitive Information vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer.
network
high complexity
f5 CWE-319
8.1
8.1
2020-03-27 CVE-2020-5862 Unspecified vulnerability in F5 products
On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic.
network
low complexity
f5
7.5
7.5