Vulnerabilities > F5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-11 | CVE-2020-27730 | Path Traversal vulnerability in multiple products In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities. | 9.8 |
2020-12-11 | CVE-2020-5950 | Cross-site Scripting vulnerability in F5 Big-Ip Advanced Firewall Manager On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. | 5.3 |
2020-12-11 | CVE-2020-5949 | Unspecified vulnerability in F5 products On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break. | 7.5 |
2020-12-11 | CVE-2020-5948 | Cross-site Scripting vulnerability in F5 products On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. | 9.6 |
2020-12-11 | CVE-2020-27713 | Memory Leak vulnerability in F5 Big-Ip Advanced Firewall Manager 13.1.3.4 In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the connection is reset and the Traffic Management Microkernel (TMM) leaks memory. | 7.5 |
2020-11-19 | CVE-2020-5947 | Unspecified vulnerability in F5 products In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. | 4.3 |
2020-11-05 | CVE-2020-5946 | Unspecified vulnerability in F5 Big-Ip Fraud Protection Service In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, under some circumstances, certain format client-side alerts sent to the BIG-IP virtual server configured with DataSafe may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). | 7.5 |
2020-11-05 | CVE-2020-5945 | Cross-site Scripting vulnerability in F5 products In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). | 8.4 |
2020-11-05 | CVE-2020-5944 | Unspecified vulnerability in F5 Big-Iq Centralized Management 7.1.0 In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. | 4.3 |
2020-11-05 | CVE-2020-5943 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in F5 products In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. | 6.5 |