Vulnerabilities > F5 > BIG IP Webaccelerator > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-23 CVE-2019-6678 Unspecified vulnerability in F5 products
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, the TMM process may restart when the packet filter feature is enabled.
network
low complexity
f5
5.3
2019-11-27 CVE-2019-6670 Cleartext Storage of Sensitive Information vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem.
local
low complexity
f5 CWE-312
4.4
2019-11-15 CVE-2019-6663 Improper Input Validation vulnerability in F5 products
The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack.
local
low complexity
f5 CWE-20
5.5
2019-11-15 CVE-2019-6662 Information Exposure Through Log Files vulnerability in F5 products
On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request.
network
low complexity
f5 CWE-532
6.5
2019-11-01 CVE-2019-6657 Cross-site Scripting vulnerability in F5 products
On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility.
network
low complexity
f5 CWE-79
6.1
2019-10-09 CVE-2019-6471 Reachable Assertion vulnerability in multiple products
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c.
network
high complexity
f5 isc CWE-617
5.9
2019-09-25 CVE-2019-6654 Improper Input Validation vulnerability in F5 products
On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface).
low complexity
f5 CWE-20
4.3
2019-09-25 CVE-2019-6651 Information Exposure Through Discrepancy vulnerability in F5 products
In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request.
network
low complexity
f5 CWE-203
5.3
2019-09-04 CVE-2019-6647 Memory Leak vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory.
network
low complexity
f5 CWE-401
5.3
2019-07-03 CVE-2019-6641 Unspecified vulnerability in F5 products
On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl REST processes to crash.
network
low complexity
f5
6.5