Vulnerabilities > F5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-30 | CVE-2020-5877 | Unspecified vulnerability in F5 products On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, malformed input to the DATAGRAM::tcp iRules command within a FLOW_INIT event may lead to a denial of service. | 7.5 |
| 2020-04-30 | CVE-2020-5876 | Cleartext Transmission of Sensitive Information vulnerability in F5 products On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. | 8.1 |
| 2020-04-30 | CVE-2020-5875 | Unspecified vulnerability in F5 products On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy. | 7.5 |
| 2020-04-30 | CVE-2020-5874 | Unspecified vulnerability in F5 Big-Ip Access Policy Manager On BIG-IP APM 15.0.0-15.0.1.2, 14.1.0-14.1.2.3, and 14.0.0-14.0.1, in certain circumstances, an attacker sending specifically crafted requests to a BIG-IP APM virtual server may cause a disruption of service provided by the Traffic Management Microkernel(TMM). | 7.5 |
| 2020-04-30 | CVE-2020-5873 | Unspecified vulnerability in F5 products On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request. | 7.2 |
| 2020-04-30 | CVE-2020-5872 | Unspecified vulnerability in F5 products On BIG-IP 14.1.0-14.1.2.3, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.4.1, when processing TLS traffic with hardware cryptographic acceleration enabled on platforms with Intel QAT hardware, the Traffic Management Microkernel (TMM) may stop responding and cause a failover event. | 7.5 |
| 2020-04-30 | CVE-2020-5871 | Unspecified vulnerability in F5 products On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service (DoS) when sent to BIG-IP HTTP/2 virtual servers. | 7.5 |
| 2020-04-24 | CVE-2020-5870 | Missing Authentication for Critical Function vulnerability in F5 Big-Iq Centralized Management In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer. | 8.1 |
| 2020-04-24 | CVE-2020-5869 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in F5 Big-Iq Centralized Management In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit. | 9.1 |
| 2020-04-24 | CVE-2020-5868 | OS Command Injection vulnerability in F5 Big-Iq Centralized Management In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface. | 9.8 |