Vulnerabilities > F5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-12 | CVE-2020-5897 | Use After Free vulnerability in F5 Big-Ip Access Policy Manager In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component. | 8.8 |
| 2020-05-12 | CVE-2020-5896 | Incorrect Default Permissions vulnerability in F5 Big-Ip Access Policy Manager On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions. | 7.8 |
| 2020-05-07 | CVE-2020-5895 | Incorrect Permission Assignment for Critical Resource vulnerability in F5 Nginx Controller 3.1.0/3.2.0/3.3.0 On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. | 7.8 |
| 2020-05-07 | CVE-2020-5894 | Session Fixation vulnerability in F5 Nginx Controller On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out. | 8.1 |
| 2020-04-30 | CVE-2020-5892 | Unspecified vulnerability in F5 Big-Ip Access Policy Manager In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory. | 6.7 |
| 2020-04-30 | CVE-2020-5890 | Information Exposure vulnerability in F5 products On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace. | 5.5 |
| 2020-04-30 | CVE-2020-5888 | Unspecified vulnerability in F5 products On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for adjacent network (layer 2) attackers to access local daemons and bypass port lockdown settings. low complexity f5 | 8.1 |
| 2020-04-30 | CVE-2020-5893 | Cleartext Transmission of Sensitive Information vulnerability in F5 Big-Ip Access Policy Manager In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection. | 3.7 |
| 2020-04-30 | CVE-2020-5891 | Unspecified vulnerability in F5 products On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile. | 7.5 |
| 2020-04-30 | CVE-2020-5889 | Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client. | 5.4 |