7.1.0

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-24	CVE-2020-5870	Missing Authentication for Critical Function vulnerability in F5 Big-Iq Centralized Management In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer. low complexity f5 CWE-306	8.1
2020-04-24	CVE-2020-5869	Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in F5 Big-Iq Centralized Management In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit. network low complexity f5 CWE-924 critical	9.1
2019-02-27	CVE-2019-1559	Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. network high complexity openssl canonical debian netapp f5 tenable opensuse fedoraproject mcafee redhat oracle paloaltonetworks nodejs CWE-203	5.9