Vulnerabilities > F5 > BIG IP Policy Enforcement Manager
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-20 | CVE-2019-6649 | Unspecified vulnerability in F5 products F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. | 9.1 |
2019-09-04 | CVE-2019-6646 | Unspecified vulnerability in F5 products On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges. | 8.8 |
2019-09-04 | CVE-2019-6643 | Unspecified vulnerability in F5 products On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the TMM process to produce a core file. | 7.5 |
2019-09-04 | CVE-2019-6647 | Memory Leak vulnerability in F5 products On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. | 5.3 |
2019-09-04 | CVE-2019-6644 | Unspecified vulnerability in F5 products Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. | 9.4 |
2019-09-04 | CVE-2019-6645 | Unspecified vulnerability in F5 products On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured may lead to a TMM crash causing the configured HA action to be taken. | 7.5 |
2019-07-26 | CVE-2019-10744 | Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. | 9.1 |
2019-07-03 | CVE-2019-6641 | Unspecified vulnerability in F5 products On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl REST processes to crash. | 6.5 |
2019-07-03 | CVE-2019-6640 | Cleartext Transmission of Sensitive Information vulnerability in F5 products On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, SNMP exposes sensitive configuration objects over insecure transmission channels. | 5.3 |
2019-07-03 | CVE-2019-6639 | Cross-site Scripting vulnerability in F5 Big-Ip Advanced Firewall Manager On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting (XSS) issue. | 4.8 |